Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
portcullis vulnerabilities and exploits
(subscribe to this query)
9.7
CVSSv2
CVE-2014-2046
cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote malicious users to (1) obtain credentials and other sensitive information via a certain request to the config.getValuesHashExcludePaths method or (2) m...
Broadcom Pipa C211 Web Interface 1.1
Broadcom Pipa C211 -
1 EDB exploit
9.3
CVSSv2
CVE-2014-7178
Enalean Tuleap prior to 7.5.99.6 allows remote malicious users to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.
Enalean Tuleap
1 EDB exploit
9
CVSSv2
CVE-2014-5308
Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php.
Testlink Testlink 1.9.11
1 EDB exploit
7.5
CVSSv2
CVE-2014-2595
Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote malicious users to bypass authentication by leveraging a permanent authentication token obtained from a query string.
Barracuda Web Application Firewall 7.8.1.013
1 EDB exploit
7.5
CVSSv2
CVE-2014-3445
backup.php in HandsomeWeb SOS Webpages prior to 1.1.12 does not require knowledge of the cleartext password, which allows remote malicious users to bypass authentication by leveraging knowledge of the administrator password hash.
Handsomeweb Sos Webpages
7.5
CVSSv2
CVE-2015-5074
Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM prior to 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension.
X2engine X2crm
1 EDB exploit
7.5
CVSSv2
CVE-2014-5370
Directory traversal vulnerability in the CFChart servlet (com.naryx.tagfusion.cfm.cfchartServlet) in New Atlanta BlueDragon prior to 7.1.1.18527 allows remote malicious users to read or possibly delete arbitrary files via a .. (dot dot) in the QUERY_STRING to cfchart.cfchart.
New Atlanta Bluedragon
1 EDB exploit
7.5
CVSSv2
CVE-2014-6389
backup.php in PHPCompta/NOALYSS prior to 6.7.2 allows remote malicious users to execute arbitrary commands via shell metacharacters in the d parameter.
Phpcompta Phpcompta\\/noalyss
1 EDB exploit
7.5
CVSSv2
CVE-2014-2044
Incomplete blacklist vulnerability in ajax/upload.php in ownCloud prior to 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) synt...
Owncloud Owncloud 4.5.7
Owncloud Owncloud 4.5.6
Owncloud Owncloud 4.5.5
Owncloud Owncloud 4.5.10
Owncloud Owncloud 4.5.1
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.10
Owncloud Owncloud 4.0.1
Owncloud Owncloud 4.5.4
Owncloud Owncloud 4.5.3
Owncloud Owncloud 4.5.0
Owncloud Owncloud 4.0.9
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.16
Owncloud Owncloud 4.0.0
Owncloud Owncloud 3.0.3
Owncloud Owncloud 4.5.2
Owncloud Owncloud
Owncloud Owncloud 4.0.8
Owncloud Owncloud 4.0.7
Owncloud Owncloud 4.0.15
1 EDB exploit
7.5
CVSSv2
CVE-2014-1217
Livetecs Timelive prior to 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote malicious users to change configurations and obtain the database connection string and credentials via unspecified vectors.
Livetecs Timeline 6.2.4
Livetecs Timeline 6.2.3
Livetecs Timeline 3.8.1
Livetecs Timeline 3.7.1
Livetecs Timeline 3.0.1
Livetecs Timeline 2.94
Livetecs Timeline 6.2.71
Livetecs Timeline 5.2.1
Livetecs Timeline 4.9.1
Livetecs Timeline 3.2.1
Livetecs Timeline 3.1.1
Livetecs Timeline 6.2.1
Livetecs Timeline 6.0.1
Livetecs Timeline 3.6.1
Livetecs Timeline 3.5.1
Livetecs Timeline 2.91
Livetecs Timeline 2.81
Livetecs Timeline 6.2.7
Livetecs Timeline 6.2.6
Livetecs Timeline 7.1.1
Livetecs Timeline 4.3.1
Livetecs Timeline 4.2.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »