Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
osanda malith vulnerabilities and exploits
(subscribe to this query)
6.9
CVSSv2
CVE-2014-1680
Untrusted search path vulnerability in Bandisoft Bandizip prior to 3.10 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory.
Bandisoft Bandizip 3.06
Bandisoft Bandizip 3.05
Bandisoft Bandizip
Bandisoft Bandizip 3.02
Bandisoft Bandizip 3.01
Bandisoft Bandizip 3.00
Bandisoft Bandizip 3.04
Bandisoft Bandizip 3.03
Bandisoft Bandizip 3.08
Bandisoft Bandizip 3.07
4.6
CVSSv2
CVE-2014-8494
ESTsoft ALUpdate 8.5.1.0.0 uses weak permissions (Users: Full Control) for the (1) AlUpdate folder and (2) AlUpdate.exe, which allows local users to gain privileges via a Trojan horse file.
Estsoft Alupdate 8.5.1.0.0
7.2
CVSSv2
CVE-2015-2667
Untrusted search path vulnerability in GNS3 1.2.3 allows local users to gain privileges via a Trojan horse uuid.dll in an unspecified directory.
Gns3 Gns3 1.2.3
4.4
CVSSv2
CVE-2014-3860
Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability
Xilisoft Video Converter 7.8.1
6.9
CVSSv2
CVE-2014-0619
Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory.
Hamstersoft Hamster Free Zip Archiver 2.0.1.7
6.5
CVSSv2
CVE-2017-8912
CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not ...
Cmsmadesimple Cms Made Simple 2.1.6
1 EDB exploit
7.8
CVSSv2
CVE-2014-4018
The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote malicious users to obtain access via unspecified vectors.
Zte Zxv10 W300 Firmware 1.0.0a Zrd Lk
Zte Zxv10 W300 -
1 EDB exploit
5
CVSSv2
CVE-2014-4019
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote malicious users to read backup files via a direct request for rom-0.
Zte Zxv10 W300 Firmware W300v1.0.0a Zrd Lk
1 EDB exploit
5
CVSSv2
CVE-2014-4154
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote malicious users to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js.
Zte Zxv10 W300 Firmware 1.0.0a Zrd Lk
Zte Zxv10 W300 -
1 EDB exploit
6.8
CVSSv2
CVE-2014-4155
Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote malicious users to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1.
Zte Zxv10 W300 Firmware 1.0.0a Zrd Lk
Zte Zxv10 W300 -
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »