Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rapid7.com vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-19531
Rapid7 Security Advisory - The Caucho Resin web application server for Windows contains a directory traversal vulnerability that allows remote unauthenticated users to download any file from the system. It is possible to download files from any drive on the system. Versions 3.0.1...
NA
CVE-2009-4444
Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote malicious users to bypass intended extension restrictions of third-party upload applications via a f...
Microsoft Internet Information Services 5.0
Microsoft Internet Information Services 6.0
NA
CVE-2010-0219
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote malicious users to execute arbitrary code by uploading a crafted web s...
Apache Axis2 1.3
Apache Axis2 1.4
Apache Axis2 1.4.1
Apache Axis2 1.5
Apache Axis2 1.5.1
Apache Axis2 1.5.2
Apache Axis2 1.6
Sap Businessobjects 3.2
3 EDB exploits
1 Github repository
9.8
CVSSv3
CVE-2014-9390
Git prior to 1.8.5.6, 1.9.x prior to 1.9.5, 2.0.x prior to 2.0.5, 2.1.x prior to 2.1.4, and 2.2.x prior to 2.2.1 on Windows and OS X; Mercurial prior to 3.2.3 on Windows and OS X; Apple Xcode prior to 6.2 beta 3; mine all versions prior to 08-12-2014; libgit2 all versions up to 0...
Git-scm Git
Mercurial Mercurial
Apple Xcode 6.2
Apple Xcode
Eclipse Egit
Libgit2 Libgit2
Eclipse Jgit
2 Metasploit modules
4 Github repositories
NA
CVE-2014-9222
AllegroSoft RomPager 4.34 and previous versions, as used in Huawei Home Gateway products and other vendors and products, allows remote malicious users to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability.
Allegrosoft Rompager
4 Metasploit modules
1 Nmap script
3 Github repositories
2 Articles
9.8
CVSSv3
CVE-2023-34124
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and previous versions versions; Analytics: 2.5.0.4-R7 and previous versions versions.
Sonicwall Global Management System
Sonicwall Analytics
Sonicwall Global Management System 9.3.2
1 Metasploit module
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started