Vulmon
directory server vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-29357
Microsoft SharePoint Server Elevation of Privilege Vulnerability
Microsoft Sharepoint Server 2019
4 Github repositories
3 Articles
9.8
CVSSv3
CVE-2023-2278
The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.9 via the 'wdk_public_action' function. This allows unauthenticated malicious users to include and execute arbitrary files on the server, allowing the e...
Wpdirectorykit Wp Directory Kit
9.8
CVSSv3
CVE-2023-29268
The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote malicious user to upload or modify arbitrary files within the web server directory on the affected system. Affected releases ...
Tibco Spotfire Statistics Services 11.6.0
Tibco Spotfire Statistics Services 11.6.1
Tibco Spotfire Statistics Services 11.6.2
Tibco Spotfire Statistics Services 11.7.0
Tibco Spotfire Statistics Services 11.8.0
Tibco Spotfire Statistics Services 11.8.1
Tibco Spotfire Statistics Services 12.0.0
Tibco Spotfire Statistics Services 12.0.1
Tibco Spotfire Statistics Services 12.0.2
Tibco Spotfire Statistics Services 12.1.0
Tibco Spotfire Statistics Services 12.2.0
Tibco Spotfire Statistics Services 11.5.0
Tibco Spotfire Statistics Services
9.8
CVSSv3
CVE-2023-24538
Templates do not properly consider backticks (`) as JavaScript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a JavaScript template literal, the contents of the act...
Golang Go
2 Github repositories
9.8
CVSSv3
CVE-2023-28462
A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 (Enterprise), 5.20.0 and newer (Enterprise), and 5.2020.1 and newer (Community), when Java 1.8u181 and previous versions are used, allows remote malicious users to load malicious code on the server once...
Payara Payara Server
9.8
CVSSv3
CVE-2022-45141
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting ...
Samba Samba
9.8
CVSSv3
CVE-2022-43514
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2). The affected component does not correctly validate the root path on folder...
Siemens Automation License Manager 5.1
Siemens Automation License Manager 6.0
Siemens Automation License Manager 6.0.1
Siemens Automation License Manager 6.0.8
Siemens Automation License Manager 6.0.9
Siemens Automation License Manager 5.0.0
Siemens Automation License Manager 5.2
Siemens Automation License Manager 5.3
Siemens Automation License Manager 5.3.4.4
9.8
CVSSv3
CVE-2023-0017
An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and da...
Sap Netweaver Application Server For Java 7.50
9.8
CVSSv3
CVE-2022-46255
An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an arbitrary...
Github Enterprise Server 3.7.0
9.8
CVSSv3
CVE-2022-43400
A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allo...
Siemens Siveillance Video Mobile Server