Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
portcullis vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2014-2595
Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote malicious users to bypass authentication by leveraging a permanent authentication token obtained from a query string.
Barracuda Web Application Firewall 7.8.1.013
1 EDB exploit
9.8
CVSSv3
CVE-2014-3445
backup.php in HandsomeWeb SOS Webpages prior to 1.1.12 does not require knowledge of the cleartext password, which allows remote malicious users to bypass authentication by leveraging knowledge of the administrator password hash.
Handsomeweb Sos Webpages
6.1
CVSSv3
CVE-2014-2045
Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote malicious users to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) ...
Viprinet Multichannel Vpn Router 300 Firmware 2013080900
Viprinet Multichannel Vpn Router 300 Firmware 2013070830
1 EDB exploit
NA
CVE-2015-5076
Multiple cross-site scripting (XSS) vulnerabilities in X2Engine X2CRM prior to 5.0.9 allow remote malicious users to inject arbitrary web script or HTML via the (1) version parameter in protected/views/admin/formEditor.php; the (2) importId parameter in protected/views/admin/roll...
X2engine X2crm
NA
CVE-2015-5074
Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM prior to 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension.
X2engine X2crm
1 EDB exploit
NA
CVE-2015-5075
Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM prior to 5.2 allows remote malicious users to hijack the authentication of administrators for requests that create an administrative account via a crafted request to index.php/users/create.
X2engine X2crm
1 EDB exploit
NA
CVE-2015-4425
Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir parameter to admin/asset/add-asset-compatibility.
Pimcore Pimcore -
1 EDB exploit
NA
CVE-2014-5370
Directory traversal vulnerability in the CFChart servlet (com.naryx.tagfusion.cfm.cfchartServlet) in New Atlanta BlueDragon prior to 7.1.1.18527 allows remote malicious users to read or possibly delete arbitrary files via a .. (dot dot) in the QUERY_STRING to cfchart.cfchart.
New Atlanta Bluedragon
1 EDB exploit
NA
CVE-2014-5462
Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (Patch 7) and previous versions allow remote authenticated users to execute arbitrary SQL commands via the (1) layout_id parameter to interface/super/edit_layout.php; (2) form_patient_id, (3) form_drug_name, or (4) form_lot_...
Open-emr Openemr
1 EDB exploit
NA
CVE-2014-8600
Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and previous versions, kwebkitpart 1.3.4 and previous versions, and kio-extras 5.1.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via a crafted URI using the (1)...
Urs Wolfer Kwebkitpart
Kde Kde-runtime
Kde Kio-extras
Opensuse Opensuse 13.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »