Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
multi server vulnerabilities and exploits
(subscribe to this query)
720
VMScore
CVE-2012-6530
Stack-based buffer overflow in Sysax Multi Server prior to 5.52, when HTTP is enabled, allows remote authenticated users with the create folder permission to execute arbitrary code via a crafted request.
Sysax Multi Server
Sysax Multi Server 4.3
Sysax Multi Server 4.5
2 EDB exploits
405
VMScore
CVE-2009-4800
Directory traversal vulnerability in Sysax Multi Server 4.3 and 4.5 allows remote authenticated users to delete arbitrary files via a ..// (dot dot slash slash) in a DELE command.
Sysax Multi Server 4.3
Sysax Multi Server 4.5
1 EDB exploit
383
VMScore
CVE-2020-13228
An issue exists in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter.
Sysax Multi Server 6.90
1 Github repository
905
VMScore
CVE-2009-4790
Multiple directory traversal vulnerabilities in Sysax Multi Server 4.5 allow remote authenticated users to read or modify arbitrary files via crafted FTP commands. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Sysax Multi Server 4.5
1 EDB exploit
356
VMScore
CVE-2020-23574
When uploading a file in Sysax Multi Server 6.90, an authenticated user can modify the filename="" parameter in the uploadfile_name1.htm form to a length of 368 or more bytes. This will create a buffer overflow condition, causing the application to crash.
Sysax Multi Server 6.90
445
VMScore
CVE-2020-13227
An issue exists in Sysax Multi Server 6.90. An attacker can determine the username (under which the web server is running) by triggering an invalid path permission error. This bypasses the fakepath protection mechanism.
Sysax Multi Server 6.90
1 Github repository
605
VMScore
CVE-2020-13229
An issue exists in Sysax Multi Server 6.90. A session can be hijacked if one observes the sid value in any /scgi URI, because it is an authentication token.
Sysax Multi Server 6.90
1 Github repository
641
VMScore
CVE-2009-0912
perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 up to and including 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows malicious users to gain privileges via "special characters" in uns...
Mandriva Linux 2008.1
Mandriva Linux 2008.0
Mandriva Linux Corporate Server 4.0
Mandriva Multi Network Firewall 2.0
Mandriva Linux 2009.0
Mandriva Linux Corporate Server 3.0
578
VMScore
CVE-2018-14570
A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-business basic version V1.11 allows any remote member to upload a .php file to the web server via a profile avatar field, by using an image Content-Type (e.g., image/jpeg) with a modified...
Niushop B2b2c Multi-business 1.11
445
VMScore
CVE-2015-3962
Schneider Electric StruxureWare Building Expert MPM prior to 2.15 does not use encryption for the client-server data stream, which allows remote malicious users to discover credentials by sniffing the network.
Schneider-electric Struxureware Building Expert Multi-purpose Management
1 Article
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »