Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liquidworm vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-3475327
Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) versions 1.31.460 and below suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user via the name GET parameter in delsnap....
NA
CVE-2022-34753
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote root exploit when the command is compromised. Affected Products: SpaceLogic C-Bus Home Controller (5200WHC2), formerly known...
Schneider-electric Spacelogic C-bus Home Controller Firmware
1 Github repository
570
VMScore
CVE-2022-25359
On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files.
Iclinks Scadaflex Ii Firmware 1.01.01
Iclinks Scadaflex Ii Firmware 1.01.14
Iclinks Scadaflex Ii Firmware 1.02.01
Iclinks Scadaflex Ii Firmware 1.02.15
Iclinks Scadaflex Ii Firmware 1.02.20
Iclinks Scadaflex Ii Firmware 1.03.07
Iclinks Weblib 1.13
Iclinks Weblib 1.14
Iclinks Weblib 1.16
Iclinks Weblib 1.22
Iclinks Weblib 1.24
312
VMScore
CVE-2021-31583
Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: St...
Sipwise Next Generation Communication Platform 3.6.7
605
VMScore
CVE-2021-31584
Sipwise C5 NGCP www_csc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges.
Sipwise Next Generation Communication Platform 3.6.4
NA
CVE-2021-3158413
The Sipwise application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web si...
NA
CVE-2021-3158313
Sipwise software platform suffers from multiple authenticated stored and reflected cross site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitr...
312
VMScore
CVE-2021-26549
An XSS issue exists in SmartFoxServer 2.17.0. Input passed to the AdminTool console is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site.
Smartfoxserver Smartfoxserver 2.17.0
187
VMScore
CVE-2021-26550
An issue exists in SmartFoxServer 2.17.0. Cleartext password disclosure can occur via /config/server.xml.
Smartfoxserver Smartfoxserver 2.17.0
534
VMScore
CVE-2021-26551
An issue exists in SmartFoxServer 2.17.0. An attacker can execute arbitrary Python code, and bypass the javashell.py protection mechanism, by creating /config/ConsoleModuleUnlock.txt and editing /config/admin/admintool.xml to enable the Console module.
Smartfoxserver Smartfoxserver 2.17.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »