Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nassim vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-1989
Multiple cross-site scripting (XSS) vulnerabilities in DotClear prior to 1.2.6 allow remote malicious users to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php. NOTE: some of these ...
Dotclear Dotclear
2 EDB exploits
8.8
CVSSv3
CVE-2019-16701
pfSense up to and including 2.3.4 up to and including 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value.
Netgate Pfsense 2.4.4
Netgate Pfsense
1 EDB exploit
9.8
CVSSv3
CVE-2017-11165
dataTaker DT80 dEX 1.50.012 allows remote malicious users to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI.
Datataker Dt80 Dex Firmware 1.50.012
1 EDB exploit
9.8
CVSSv3
CVE-2018-6911
The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote malicious users to execute arbitrary OS commands via a single argument (aka the command parameter).
Advantech Webaccess 8.3.0
1 EDB exploit
8.8
CVSSv3
CVE-2018-16752
LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases.
Linknet-usa Lw-n605r Firmware 12.20.2.1486
4.4
CVSSv3
CVE-2019-6192
A potential vulnerability has been reported in Lenovo Power Management Driver versions before 1.67.17.48 leading to a buffer overflow which could cause a denial of service.
Lenovo Power Management Driver
NA
CVE-2017-7874
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
1 EDB exploit
7.8
CVSSv3
CVE-2020-14425
Foxit Reader prior to 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavsScript API. An attacker can execute local files and bypass the security dialog.
Foxitsoftware Foxit Reader
NA
CVE-2017-7286
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
NA
CVE-2017-7319
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »