Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
def vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2006-5383
SQL injection vulnerability in comadd.php in Def-Blog 1.0.1 and previous versions allows remote malicious users to execute arbitrary SQL commands via the article parameter.
Def-blog Def-blog 1.0.1
1 EDB exploit
5.8
CVSSv2
CVE-2021-38111
The DEF CON 27 badge allows remote malicious users to exploit a buffer overflow by sending an oversized packet via the NFMI (Near Field Magnetic Induction) protocol.
Defcon Def Con 27 Firmware -
1 Github repository
7.5
CVSSv2
CVE-2008-3388
Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote malicious users to execute arbitrary SQL commands via the article parameter to (1) comaddok.php and (2) comlook.php.
Easy-script Def Blog 1.0.3
2 EDB exploits
NA
CVE-2023-44317
Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device.
Siemens Scalance Xb208 (e/ip) Firmware -
Siemens Scalance Xb208 (pn) Firmware -
Siemens Scalance Xb216 (e/ip) Firmware -
Siemens Scalance Xb216 (pn) Firmware -
Siemens Scalance Xc206-2 (sc) Firmware -
Siemens Scalance Xc206-2 (st/bfoc) Firmware -
Siemens Scalance Xc206-2g Poe Firmware -
Siemens Scalance Xc206-2g Poe (54 V Dc) Firmware -
Siemens Scalance Xc206-2g Poe Eec (54 V Dc) Firmware -
Siemens Scalance Xc206-2sfp Firmware -
Siemens Scalance Xc206-2sfp Eec Firmware -
Siemens Scalance Xc206-2sfp G Firmware -
Siemens Scalance Xc206-2sfp G (eip Def.) Firmware -
Siemens Scalance Xc206-2sfp G Eec Firmware -
Siemens Scalance Xc208 Firmware -
Siemens Scalance Xc208eec Firmware -
Siemens Scalance Xc208g Firmware -
Siemens Scalance Xc208g (eip Def.) Firmware -
Siemens Scalance Xc208g Eec Firmware -
Siemens Scalance Xc208g Poe Firmware -
Siemens Scalance Xc208g Poe (54 V Dc) Firmware -
Siemens Scalance Xc216 Firmware -
NA
CVE-2020-17354
LilyPond prior to 2.24 allows malicious users to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a different file format. NOTE: in 2....
Lilypond Lilypond
9.3
CVSSv2
CVE-2011-4109
Double free vulnerability in OpenSSL 0.9.8 prior to 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote malicious users to have an unspecified impact by triggering failure of a policy check.
Openssl Openssl 0.9.8b
Openssl Openssl 0.9.8m
Openssl Openssl 0.9.8c
Openssl Openssl 0.9.8n
Openssl Openssl 0.9.8p
Openssl Openssl 0.9.8e
Openssl Openssl 0.9.8g
Openssl Openssl 0.9.8k
Openssl Openssl 0.9.8d
Openssl Openssl 0.9.8j
Openssl Openssl 0.9.8l
Openssl Openssl 0.9.8r
Openssl Openssl 0.9.8a
Openssl Openssl 0.9.8o
Openssl Openssl 0.9.8q
Openssl Openssl 0.9.8
Openssl Openssl 0.9.8i
Openssl Openssl 0.9.8f
Openssl Openssl 0.9.8h
1 Article
NA
CVE-2023-48699
fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with python code that without proper validation it's executed and it could lead to...
Ubertidavide Fastbots
7.5
CVSSv2
CVE-2021-43267
An issue exists in net/tipc/crypto.c in the Linux kernel prior to 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote malicious users to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.
Linux Linux Kernel
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H300e Firmware -
Netapp H500e Firmware -
Netapp H700e Firmware -
Netapp H410s Firmware -
2 Github repositories
2 Articles
9
CVSSv2
CVE-2019-11444
An issue exists in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a [command].execute() call, as demonstrated by "def cmd =" in the ServerAdminPortlet_script value to group/contr...
Liferay Liferay Portal 7.1.2
NA
CVE-2024-28244
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\def` or `\newcommand` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. KaTeX suppor...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »