Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
halo halo vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2021-43659
In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability.
Halo Halo 1.4.14
9.8
CVSSv3
CVE-2020-21523
A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. The ftl file can be edited. This is the Freemarker template file. This file can cause arbitrary code execution when it is rendered in the background. exp: <#assign tes...
Halo Halo 1.1.3
9.8
CVSSv3
CVE-2020-21526
An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it.
Halo Halo 1.1.3
7.7
CVSSv3
CVE-2020-21527
There is an Arbitrary file deletion vulnerability in halo v1.1.3. A backup function in the background allows a user, when deleting their backup files, to delete any files on the system through directory traversal.
Halo Halo 1.1.3
NA
CVE-2004-1539
Halo: Combat Evolved 1.05 and previous versions allows remote game servers to cause a denial of service (client crash) via a long value in a game server reply, which triggers a NULL dereference.
Gearbox Software Halo Combat Evolved 1.2
Gearbox Software Halo Combat Evolved 1.31
Gearbox Software Halo Combat Evolved 1.4
Gearbox Software Halo Combat Evolved 1.5
1 EDB exploit
NA
CVE-2004-1667
Off-by-one error in Halo Combat Evolved 1.04 and previous versions allows remote malicious users to cause a denial of service (server crash) via a long client response.
Gearbox Software Halo Combat Evolved 1.2
Gearbox Software Halo Combat Evolved 1.31
Gearbox Software Halo Combat Evolved 1.4
5.4
CVSSv3
CVE-2022-22123
In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article title. An authenticated attacker can inject arbitrary javascript code that will execute on a victim’s server.
Fit2cloud Halo
5.4
CVSSv3
CVE-2022-22124
In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the profile image. An authenticated attacker can upload a carefully crafted SVG file that will trigger arbitrary javascript to run on a victim’s browser.
Fit2cloud Halo
4.8
CVSSv3
CVE-2022-28074
Halo-1.5.0 exists to contain a stored cross-site scripting (XSS) vulnerability via \admin\index.html#/system/tools.
Fit2cloud Halo 1.5.0
7.1
CVSSv3
CVE-2019-5625
The Android mobile application Halo Home prior to 1.11.0 stores OAuth authentication and refresh access tokens in a clear text file. This file persists until the user logs out of the application and reboots the device. This vulnerability can allow an malicious user to impersonate...
Eaton Halo Home 1.9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »