Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
on-premise vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2022-20736
A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote malicious user to access a configuration file and the login page for an administrative console that they would not normally have authorization to ...
Cisco Appdynamics Controller
5
CVSSv2
CVE-2022-25151
Within the Service Desk module of the ITarian platform (SAAS and on-premise), a remote attacker can obtain sensitive information, caused by the failure to set the HTTP Only flag. A remote attacker could exploit this vulnerability to gain access to the management interface by usin...
Itarian Saas Service Desk
Itarian On-premise
9
CVSSv2
CVE-2022-25152
The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures. It is possible to require a mandatory approval process. Due to a vulnerability in the approval process, present in any version before 6.35.37347.20040, a malici...
Itarian Saas Service Desk
Itarian On-premise
7.5
CVSSv2
CVE-2022-1357
The affected On-Premise cnMaestro allows an unauthenticated malicious user to access the cnMaestro server and execute arbitrary code in the privileges of the web server. This lack of validation could allow an malicious user to append arbitrary data to the logger command.
Cambiumnetworks Cnmaestro 2.4.2
Cambiumnetworks Cnmaestro 3.0.0
Cambiumnetworks Cnmaestro 3.0.3
5
CVSSv2
CVE-2022-1358
The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an malicious user to exfiltrate and dump all data held in the cnMaestro database.
Cambiumnetworks Cnmaestro 2.4.2
Cambiumnetworks Cnmaestro 3.0.0
Cambiumnetworks Cnmaestro 3.0.3
5
CVSSv2
CVE-2022-1359
The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal charters (../) as part of a filename, the server will save the file where...
Cambiumnetworks Cnmaestro 2.4.2
Cambiumnetworks Cnmaestro 3.0.0
Cambiumnetworks Cnmaestro 3.0.3
7.5
CVSSv2
CVE-2022-1360
The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remote malicious user to change server configuration settings.
Cambiumnetworks Cnmaestro 2.4.2
Cambiumnetworks Cnmaestro 3.0.0
Cambiumnetworks Cnmaestro 3.0.3
5
CVSSv2
CVE-2022-1361
The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an malicious user to exfiltrate data about other user’s accounts and devices.
Cambiumnetworks Cnmaestro 2.4.2
Cambiumnetworks Cnmaestro 3.0.0
Cambiumnetworks Cnmaestro 3.0.3
9.3
CVSSv2
CVE-2022-1362
The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system. An attacker could abuse this user-controlled data to execute arbitrary commands on the server.
Cambiumnetworks Cnmaestro 2.4.2
Cambiumnetworks Cnmaestro 3.0.0
Cambiumnetworks Cnmaestro 3.0.3
10
CVSSv2
CVE-2022-23166
Sysaid – Sysaid Local File Inclusion (LFI) – An unauthenticated attacker can access to the system by accessing to "/lib/tinymce/examples/index.html" path. in the "Insert/Edit Embedded Media" window Choose Type : iFrame and File/URL : [here is the L...
Sysaid Sysaid
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »