Vulmon
portcullis-security.com vulnerabilities and exploits
9.8
CVSSv3
CVE-2014-3445
backup.php in HandsomeWeb SOS Webpages prior to 1.1.12 does not require knowledge of the cleartext password, which allows remote malicious users to bypass authentication by leveraging knowledge of the administrator password hash.
Handsomeweb Sos Webpages
NA
CVE-2014-1643
The Web Email Protection component in Symantec Encryption Management Server (aka PGP Universal Server) prior to 3.3.2 allows remote authenticated users to read the stored outbound e-mail messages of arbitrary users via a modified URL.
Symantec Encryption Management Server 3.3.0
Symantec Encryption Management Server
NA
CVE-2014-7137
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM prior to 3.6.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) contactid parameter in an addcontact action, (2) ligne parameter in a swapstatut action, or (3) project_ref parameter to projet...
Dolibarr Dolibarr
NA
CVE-2014-2591
Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting.
Bmc Patrol Agent 3.9.00
NA
CVE-2014-6032
Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 up to and including 11.6.0 and 10.0.0 up to and including 10.2.4, AAM 11.4.0 up to and including 11.6.0, ARM 11.3.0 up to and including 11.6.0, Ana...
F5 Big-ip Protocol Security Module 10.2.3
F5 Big-ip Protocol Security Module 11.0.0
F5 Big-ip Protocol Security Module 10.2.0
F5 Big-ip Protocol Security Module 10.2.1
F5 Big-ip Protocol Security Module 11.2.1
F5 Big-ip Protocol Security Module 11.3.0
F5 Big-ip Protocol Security Module 11.4.0
F5 Big-ip Protocol Security Module 10.0.0
F5 Big-ip Protocol Security Module 10.1.0
F5 Big-ip Protocol Security Module 11.1.0
F5 Big-ip Protocol Security Module 11.2.0
F5 Big-ip Protocol Security Module 10.2.2
F5 Big-ip Protocol Security Module 10.2.4
F5 Big-ip Protocol Security Module 11.4.1
F5 Big-ip Global Traffic Manager 10.0.0
F5 Big-ip Global Traffic Manager 10.1.0
F5 Big-ip Global Traffic Manager 11.1.0
F5 Big-ip Global Traffic Manager 11.2.0
F5 Big-ip Global Traffic Manager 11.6.0
F5 Big-ip Global Traffic Manager 10.2.2
F5 Big-ip Global Traffic Manager 10.2.3
F5 Big-ip Global Traffic Manager 11.4.1
NA
CVE-2014-6033
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6032. Reason: This candidate is a duplicate of CVE-2014-6032. Notes: All CVE users should reference CVE-2014-6032 instead of this candidate. All references and descriptions in this candidate have been removed...
NA
CVE-2014-2042
Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive prior to 6.5.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a pre...
Livetecs Timeline 6.2.71
Livetecs Timeline 6.2.7
Livetecs Timeline 4.3.1
Livetecs Timeline 4.2.1
Livetecs Timeline 3.0.5
Livetecs Timeline 3.0.3
Livetecs Timeline 6.2.3
Livetecs Timeline 6.2.1
Livetecs Timeline 3.6.1
Livetecs Timeline 3.5.1
Livetecs Timeline 2.91
Livetecs Timeline 2.81
Livetecs Timeline 6.2.6
Livetecs Timeline 6.2.4
Livetecs Timeline 3.8.1
Livetecs Timeline 3.7.1
Livetecs Timeline 3.0.1
Livetecs Timeline 2.94
Livetecs Timeline
Livetecs Timeline 6.0.1
Livetecs Timeline 5.2.1
Livetecs Timeline 4.9.1
NA
CVE-2014-1217
Livetecs Timelive prior to 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote malicious users to change configurations and obtain the database connection string and credentials via unspecified vectors.
Livetecs Timeline 6.2.4
Livetecs Timeline 6.2.3
Livetecs Timeline 3.8.1
Livetecs Timeline 3.7.1
Livetecs Timeline 3.0.1
Livetecs Timeline 2.94
Livetecs Timeline 6.2.71
Livetecs Timeline 5.2.1
Livetecs Timeline 4.9.1
Livetecs Timeline 3.2.1
Livetecs Timeline 3.1.1
Livetecs Timeline 6.2.1
Livetecs Timeline 6.0.1
Livetecs Timeline 3.6.1
Livetecs Timeline 3.5.1
Livetecs Timeline 2.91
Livetecs Timeline 2.81
Livetecs Timeline 6.2.7
Livetecs Timeline 6.2.6
Livetecs Timeline 7.1.1
Livetecs Timeline 4.3.1
Livetecs Timeline 4.2.1
NA
CVE-2014-1223
Cross-site scripting (XSS) vulnerability in controlpanel/loading.aspx in Telligent Evolution prior to 6.1.19.36103, 7.x prior to 7.1.12.36162, 7.5.x, and 7.6.x prior to 7.6.7.36651 allows remote malicious users to inject arbitrary web script or HTML via the msg parameter. NOTE: s...
Telligent Evolution
NA
CVE-2014-0371
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1, and 12.2.2 allows remote authenticated users to affect integrity via unknown vectors related to DM Others.
Oracle Supply Chain Products Suite Sql-server 7.3.1
Oracle Supply Chain Products Suite Sql-server 12.2.0
Oracle Supply Chain Products Suite 7.2.0.3
Oracle Supply Chain Products Suite Sql-server 7.3.0
Oracle Supply Chain Products Suite Sql-server 12.2.1
Oracle Supply Chain Products Suite Sql-server 12.2.2