Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metasploit.com vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2020-8010
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.
Broadcom Unified Infrastructure Management
Broadcom Unified Infrastructure Management 20.1
1 Github repository
9
CVSSv2
CVE-2019-12840
In Webmin up to and including 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
Webmin Webmin
12 Github repositories
10
CVSSv2
CVE-2015-3435
Samsung Security Manager (SSM) prior to 1.31 allows remote malicious users to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request.
Samsung Samsung Security Manager
9
CVSSv2
CVE-2020-35606
Arbitrary command execution can occur in Webmin up to and including 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-1...
Webmin Webmin
4 Github repositories
9.3
CVSSv2
CVE-2011-0257
Integer signedness error in Apple QuickTime prior to 7.7 allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) via a crafted PnSize opcode in a PICT file that triggers a stack-based buffer overflow.
Apple Quicktime
Apple Quicktime 7.6.1
Apple Quicktime 7.66.71.0
Apple Quicktime 7.5.5
Apple Quicktime 7.3.1.70
Apple Quicktime 7.2.0
Apple Quicktime 7.1.5
Apple Quicktime 7.1.6
Apple Quicktime 7.6.6
Apple Quicktime 7.67.75.0
Apple Quicktime 7.3.0
Apple Quicktime 7.3.1
Apple Quicktime 7.1.3
Apple Quicktime 7.1.4
Apple Quicktime 7.6.8
Apple Quicktime 7.6.5
Apple Quicktime 7.4.1
Apple Quicktime 7.4.5
Apple Quicktime 7.1.1
Apple Quicktime 7.1.2
Apple Quicktime 7.0.3
Apple Quicktime 7.0.4
1 EDB exploit
10
CVSSv2
CVE-2012-0500
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and previous versions, 6 Update 30 and previous versions, and JavaFX 2.0.2 and previous versions allows remote untrusted Java Web Start applications and untrusted Java applets t...
Sun Jre 1.6.0
Oracle Jre 1.6.0
Oracle Jre
Oracle Jre 1.7.0
Oracle Javafx 1.2.3
Oracle Javafx
Oracle Javafx 2.0
Oracle Javafx 1.3.1
Oracle Javafx 1.3.0
Oracle Javafx 1.2
Oracle Javafx 1.2.2
1 EDB exploit
NA
CVE-2022-41622
In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-iq Centralized Management 7.1.0
F5 Big-iq Centralized Management
F5 Big-ip Advanced Firewall Manager 17.0.0
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Analytics 17.0.0
F5 Big-ip Analytics
F5 Big-ip Access Policy Manager 17.0.0
F5 Big-ip Access Policy Manager
F5 Big-ip Application Security Manager 17.0.0
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System 17.0.0
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service 17.0.0
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager 17.0.0
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller 17.0.0
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager 17.0.0
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager 17.0.0
F5 Big-ip Policy Enforcement Manager
NA
CVE-2022-41800
In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the malicious user to cross a secur...
F5 Big-ip Access Policy Manager 17.0.0
F5 Big-ip Analytics 17.0.0
F5 Big-ip Application Security Manager 17.0.0
F5 Big-ip Application Acceleration Manager 17.0.0
F5 Big-ip Policy Enforcement Manager 17.0.0
F5 Big-ip Local Traffic Manager 17.0.0
F5 Big-ip Link Controller 17.0.0
F5 Big-ip Global Traffic Manager 17.0.0
F5 Big-ip Fraud Protection Service 17.0.0
F5 Big-ip Domain Name System 17.0.0
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
7.5
CVSSv2
CVE-2021-3378
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.
Fortilogger Fortilogger
1 Github repository
NA
CVE_2022_40684
Official Writeup - Simple CTF 2.0 Created: April 23, 2024 7:50 PM Today I completed an other room on TryHackMe with a simple file-upload vulnerability which I built. I have tried for dancing around this whole CTF machine and getting a lot of walls of challenges in the end it co...
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »