Vulmon
micha borrmann vulnerabilities and exploits
6.4
CVSSv2
CVE-2016-9207
A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote malicious user to initiate TCP connections to arbitrary hosts. This does not allow for full traffic proxy through the Expressway. Affected Products: This vulnerability ...
Cisco Expressway X8.8.3
Cisco Expressway X8.7.2
4.3
CVSSv2
CVE-2014-2845
Cyberduck prior to 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle malicious users to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority.
Cyberduck Cyberduck
5
CVSSv2
CVE-2020-10110
Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disputes this as not a vulnerability. There is no sensitive information disclosure through the cache headers on Citrix ADC. The "Via" header lists cache protocols and recipient...
Citrix Gateway Firmware 11.1
Citrix Gateway Firmware 12.0
Citrix Gateway Firmware 12.1
5.8
CVSSv2
CVE-2020-10112
Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies ...
Citrix Gateway Firmware 11.1
Citrix Gateway Firmware 12.0
Citrix Gateway Firmware 12.1
5.8
CVSSv2
CVE-2019-19199
REDDOXX MailDepot 2032 SP2 2.2.1242 has Insufficient Session Expiration because tokens are not invalidated upon a logout.
Reddoxx Maildepot 2032
6.5
CVSSv2
CVE-2019-19200
REDDOXX MailDepot 2032 2.2.1242 allows authenticated users to access the mailboxes of other users.
Reddoxx Maildepot 2032
4.3
CVSSv2
CVE-2018-19694
HMS Industrial Networks Netbiter WS100 devices 3.30.5 and previous versions have reflected XSS in the login form.
Hms-networks Netbiter Ws100 Firmware
Hms-networks Netbiter Ws200 Firmware
Hms-networks Netbiter Ec150 Firmware
Hms-networks Netbiter Ec250 Firmware
Hms-networks Netbiter Lc310 Firmware
Hms-networks Netbiter Lc310 Thingworx Firmware
Hms-networks Netbiter Lc350 Firmware
Hms-networks Netbiter Lc350 Thingworx Firmware
4.3
CVSSv2
CVE-2006-0706
Cross-site scripting vulnerability in eintrag.php in Gästebuch (Gastebuch) prior to 1.3.3 allows remote malicious users to inject arbitrary web script or HTML via the URL, which is used in the homepage parameter.
Gastebuch Gastebuch
1 EDB exploit
5
CVSSv2
CVE-2018-18566
The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and previous versions allows remote malicious users to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business.
Polycom Unified Communications Software
Polycom Vvx 601 Firmware -
Polycom Vvx 500 Firmware -
4.3
CVSSv2
CVE-2018-18567
AudioCodes 440HD and 450HD devices 3.1.2.89 and previous versions allow man-in-the-middle malicious users to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business.
Audiocodes 440hd Firmware
Audiocodes 450hd Firmware