Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
csrf vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2020-8465
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an malicious user to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root.
Trendmicro Interscan Web Security Virtual Appliance 6.5
10
CVSSv2
CVE-2020-3531
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote malicious user to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API ca...
Cisco Iot Field Network Director
10
CVSSv2
CVE-2020-16204
The affected product is vulnerable due to an undocumented interface found on the device, which may allow an malicious user to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions).
Redlion N-tron 702-w Firmware
Redlion N-tron 702m12-w Firmware
10
CVSSv2
CVE-2018-6342
react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server (either via CSRF ...
Facebook React-dev-utils
10
CVSSv2
CVE-2016-5791
An Improper Authentication issue exists in JanTek JTC-200, all versions. The improper authentication could provide an undocumented BusyBox Linux shell accessible over the TELNET service without any authentication.
Jantek Jtc-200 Firmware
10
CVSSv2
CVE-2017-9811
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root.
Kaspersky Anti-virus For Linux Server
1 EDB exploit
1 Article
10
CVSSv2
CVE-2017-9034
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows malicious users to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates.
Trendmicro Serverprotect 3.0
10
CVSSv2
CVE-2016-5670
Crestron Electronics DM-TXRX-100-STR devices with firmware prior to 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote malicious users to obtain access via the web management interface.
Crestron Dm-txrx-100-str Firmware 1.2866.00026
10
CVSSv2
CVE-2016-4325
Lantronix xPrintServer devices with firmware prior to 5.0.1-65 have hardcoded credentials, which allows remote malicious users to obtain root access via unspecified vectors.
Lantronix Xprintserver Firmware
10
CVSSv2
CVE-2015-5989
Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote malicious users to obtain administrative privileges via certain changes to LockStatus and Login_Success values.
Zyxel Gs1900-10hp Firmware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »