Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
reflection vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-9919
A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 up to and including 2.0.8, which allows remote malicious users to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because /vendor/phpdocumentor/reflection-do...
Tp-shop Tp-shop
6.1
CVSSv3
CVE-2018-7049
An issue exists in Wowza Streaming Engine prior to 4.7.1. There is an XSS vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager) causing script injection and/or reflection via a crafted HTTP request.
Wowza Streaming Engine
9.8
CVSSv3
CVE-2014-9515
Dozer improperly uses a reflection-based approach to type conversion, which might allow remote malicious users to execute arbitrary code via a crafted serialized object.
Dozer Project Dozer
9.1
CVSSv3
CVE-2017-6519
avahi-daemon in Avahi up to and including 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote malicious users to cause a denial of service (traffic amplification) and may cause information leakage by obtain...
Avahi Avahi
Avahi Avahi 0.7
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
6.5
CVSSv3
CVE-2016-5765
Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated malicious users to read arbitrary files via a specially crafted URL...
Microfocus Host Access Management And Security Server 12.3
Microfocus Reflection Zfe 2.0.0.52
Microfocus Host Access Management And Security Server 12.2
Microfocus Reflection For The Web 12.3
Microfocus Reflection For The Web 12.1
Microfocus Reflection For The Web 12.2
Microfocus Reflection Zfe 1.4.0.14
Microfocus Reflection Zfe 2.0.1.18
Microfocus Reflection Security Gateway 12.1
7.5
CVSSv3
CVE-2016-9182
Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can us...
Exponentcms Exponent Cms 2.4.0
7.8
CVSSv3
CVE-2016-3225
The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application that forwards an ...
Microsoft Windows Rt 8.1
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2012 -
Microsoft Windows 8.1
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 10 1511
Microsoft Windows 10 -
Microsoft Windows Server 2008
Microsoft Windows Vista
1 EDB exploit
2 Github repositories
NA
CVE-2015-2984
I-O DATA DEVICE WN-G54/R2 routers with firmware prior to 1.03 and NP-BBRS routers allow remote malicious users to cause a denial of service (SSDP reflection) via UPnP requests.
Iodata Wn-g54\\/r2 Firmware
NA
CVE-2015-2370
The authentication implementation in the RPC subsystem in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not prevent DCE/...
Microsoft Windows Vista
Microsoft Windows Server 2008 -
Microsoft Windows Server 2012 R2
Microsoft Windows 8 -
Microsoft Windows 8.1 -
Microsoft Windows Server 2008 R2
Microsoft Windows 7 -
Microsoft Windows Rt 8.1 -
Microsoft Windows Rt -
Microsoft Windows 2003 Server
Microsoft Windows 2003 Server R2
Microsoft Windows Server 2012 -
1 EDB exploit
1 Github repository
2 Articles
NA
CVE-2014-0605
Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client prior to 14.1.429 allows remote malicious users to execute arbitrary code via unspecified vectors to the SaveSettings method.
Attachmate Reflection Ftp Client
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »