Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
halo halo vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2020-21525
Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it.
Halo Halo 1.1.3
668
VMScore
CVE-2020-21526
An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it.
Halo Halo 1.1.3
445
VMScore
CVE-2022-26619
Halo Blog CMS v1.4.17 exists to allow malicious users to upload arbitrary files via the Attachment Upload function.
Halo Halo 1.4.17
312
VMScore
CVE-2021-43659
In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability.
Halo Halo 1.4.14
505
VMScore
CVE-2004-1539
Halo: Combat Evolved 1.05 and previous versions allows remote game servers to cause a denial of service (client crash) via a long value in a game server reply, which triggers a NULL dereference.
Gearbox Software Halo Combat Evolved 1.2
Gearbox Software Halo Combat Evolved 1.31
Gearbox Software Halo Combat Evolved 1.4
Gearbox Software Halo Combat Evolved 1.5
1 EDB exploit
445
VMScore
CVE-2004-1667
Off-by-one error in Halo Combat Evolved 1.04 and previous versions allows remote malicious users to cause a denial of service (server crash) via a long client response.
Gearbox Software Halo Combat Evolved 1.2
Gearbox Software Halo Combat Evolved 1.31
Gearbox Software Halo Combat Evolved 1.4
312
VMScore
CVE-2022-22124
In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the profile image. An authenticated attacker can upload a carefully crafted SVG file that will trigger arbitrary javascript to run on a victim’s browser.
Fit2cloud Halo
312
VMScore
CVE-2022-22123
In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article title. An authenticated attacker can inject arbitrary javascript code that will execute on a victim’s server.
Fit2cloud Halo
312
VMScore
CVE-2022-28074
Halo-1.5.0 exists to contain a stored cross-site scripting (XSS) vulnerability via \admin\index.html#/system/tools.
Fit2cloud Halo 1.5.0
320
VMScore
CVE-2019-5625
The Android mobile application Halo Home prior to 1.11.0 stores OAuth authentication and refresh access tokens in a clear text file. This file persists until the user logs out of the application and reboots the device. This vulnerability can allow an malicious user to impersonate...
Eaton Halo Home 1.9.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »