Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rafael pedrero vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2018-18777
Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a path...
Microstrategy Microstrategy Web 7
1 EDB exploit
7.5
CVSSv2
CVE-2019-8923
XAMPP up to and including 5.6.8 and previous allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued.
Apachefriends Xampp
1 EDB exploit
4.3
CVSSv2
CVE-2019-8929
An issue exists in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype.
Zohocorp Manageengine Netflow Analyzer 7.0.0.2
1 EDB exploit
4.3
CVSSv2
CVE-2019-8924
XAMPP up to and including 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued.
Apachefriends Xampp
1 EDB exploit
4.3
CVSSv2
CVE-2019-8926
An issue exists in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource.
Zohocorp Manageengine Netflow Analyzer 7.0.0.2
1 EDB exploit
4.3
CVSSv2
CVE-2019-8927
An issue exists in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, rep_schedule, rep_Typ...
Zohocorp Manageengine Netflow Analyzer 7.0.0.2
1 EDB exploit
4
CVSSv2
CVE-2019-8925
An issue exists in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended SecurityMan...
Zohocorp Manageengine Netflow Analyzer 7.0.0.2
1 EDB exploit
4.3
CVSSv2
CVE-2019-8928
An issue exists in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName.
Zohocorp Manageengine Netflow Analyzer 7.0.0.2
1 EDB exploit
4.3
CVSSv2
CVE-2018-18775
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product.
Microstrategy Microstrategy Web 7
1 EDB exploit
7.5
CVSSv2
CVE-2019-9083
SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is discontinued.
Sqlitemanager Sqlitemanager 1.24
Sqlitemanager Sqlitemanager 1.20
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2024-34413
CVE-2024-34089
CVE-2024-33408
local
SQL
CVE-2024-0402
CVE-2024-33910
CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »