Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
on-premise vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-47246
In SysAid On-Premise prior to 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
Sysaid Sysaid On-premises
2 Github repositories
1 Article
9.8
CVSSv3
CVE-2023-0580
Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Con...
Abb My Control System
9.8
CVSSv3
CVE-2022-47966
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsib...
Zohocorp Manageengine Access Manager Plus 4.3
Zohocorp Manageengine Access Manager Plus
Zohocorp Manageengine Ad360
Zohocorp Manageengine Ad360 4.3
Zohocorp Manageengine Adaudit Plus 7.0
Zohocorp Manageengine Adaudit Plus
Zohocorp Manageengine Admanager Plus 7.1
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Adselfservice Plus 6.2
Zohocorp Manageengine Adselfservice Plus
Zohocorp Manageengine Analytics Plus
Zohocorp Manageengine Analytics Plus 5.1
Zohocorp Manageengine Assetexplorer 6.9
Zohocorp Manageengine Assetexplorer
Zohocorp Manageengine Key Manager Plus
Zohocorp Manageengine Key Manager Plus 6.4
Zohocorp Manageengine Pam360 5.7
Zohocorp Manageengine Pam360
Zohocorp Manageengine Password Manager Pro
Zohocorp Manageengine Password Manager Pro 12.1
Zohocorp Manageengine Servicedesk Plus
Zohocorp Manageengine Servicedesk Plus 14.0
2 Metasploit modules
6 Github repositories
1 Article
9.8
CVSSv3
CVE-2022-2830
Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an malicious user to pass unsafe commands to the environment. This issue affects: Bitdefender GravityZone Console On-Premise versions before 6.29.2-1. Bit...
Bitdefender Gravityzone
9.8
CVSSv3
CVE-2022-28750
Zoom On-Premise Meeting Connector Zone Controller (ZC) before version 4.8.20220419.112 fails to properly parse STUN error codes, which can result in memory corruption and could allow a malicious actor to crash the application. In versions older than 4.8.12.20211115, this vulnerab...
Zoom Meeting Connector
9.8
CVSSv3
CVE-2022-24082
If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect ...
Pega Infinity
9.8
CVSSv3
CVE-2022-1357
The affected On-Premise cnMaestro allows an unauthenticated malicious user to access the cnMaestro server and execute arbitrary code in the privileges of the web server. This lack of validation could allow an malicious user to append arbitrary data to the logger command.
Cambiumnetworks Cnmaestro 2.4.2
Cambiumnetworks Cnmaestro 3.0.0
Cambiumnetworks Cnmaestro 3.0.3
9.8
CVSSv3
CVE-2022-1360
The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remote malicious user to change server configuration settings.
Cambiumnetworks Cnmaestro 2.4.2
Cambiumnetworks Cnmaestro 3.0.0
Cambiumnetworks Cnmaestro 3.0.3
9.8
CVSSv3
CVE-2022-23166
Sysaid – Sysaid Local File Inclusion (LFI) – An unauthenticated attacker can access to the system by accessing to "/lib/tinymce/examples/index.html" path. in the "Insert/Edit Embedded Media" window Choose Type : iFrame and File/URL : [here is the L...
Sysaid Sysaid
9.8
CVSSv3
CVE-2021-34423
A buffer overflow vulnerability exists in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) bef...
Zoom Meetings
Zoom Meetings For Blackberry
Zoom Meetings For Intune
Zoom Meetings For Chrome Os
Zoom Rooms For Conference Rooms
Zoom Controllers For Zoom Rooms
Zoom Virtual Desktop Infrastructure
Zoom Windows Meeting Sdk
Zoom Macos Meeting Sdk
Zoom Iphone Os Meeting Sdk
Zoom Android Meeting Sdk
Zoom Windows Video Sdk
Zoom Iphone Os Video Sdk
Zoom Macos Video Sdk
Zoom Android Video Sdk
Zoom Hybrid Mmr
Zoom Hybrid Zproxy
Zoom Zoom On-premise Meeting Connector Controller
Zoom Zoom On-premise Virtual Room Connector
Zoom Zoom On-premise Recording Connector
Zoom Zoom On-premise Virtual Room Connector Load Balancer
Zoom Zoom On-premise Meeting Connector Mmr
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »