Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
revolution vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2010-5310
The Acquisition Workstation for the GE Healthcare Revolution XQ/i has a password of adw3.1 for the sdc user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires...
Gehealthcare Revolution Xq\\/i
10
CVSSv2
CVE-2008-2832
Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote malicious users to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in cale...
Fullrevolution Aspwebcalendar2008
1 EDB exploit
7.5
CVSSv2
CVE-2019-1010178
Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648. The impact is: Remote Code Execution. The component is: assets/components/fred/web/elfinder/connector.php. The attack vector is: Uploading a PHP file or change data in the database. The fixe...
Modx Fred 1.0.0
7.5
CVSSv2
CVE-2017-7321
setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and previous versions allows remote malicious users to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI.
Modx Modx Revolution
7.5
CVSSv2
CVE-2017-7324
setup/templates/findcore.php in MODX Revolution 2.5.4-pl and previous versions allows remote malicious users to execute arbitrary PHP code via the core_path parameter.
Modx Modx Revolution
7.5
CVSSv2
CVE-2016-10037
Directory traversal in /connectors/index.php in MODX Revolution prior to 2.5.2-pl allows remote malicious users to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist.
Modx Modx Revolution
7.5
CVSSv2
CVE-2016-10038
Directory traversal in /connectors/index.php in MODX Revolution prior to 2.5.2-pl allows remote malicious users to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/remove.
Modx Modx Revolution
7.5
CVSSv2
CVE-2016-10039
Directory traversal in /connectors/index.php in MODX Revolution prior to 2.5.2-pl allows remote malicious users to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/getfiles.
Modx Modx Revolution
7.5
CVSSv2
CVE-2014-9735
The ThemePunch Slider Revolution (revslider) plugin prior to 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and previous versions for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote malicious users to (1) upload and execute ...
Themepunch Showbiz Pro
Themepunch Slider Revolution
1 EDB exploit
7.5
CVSSv2
CVE-2015-1400
SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote malicious users to execute arbitrary SQL commands via the query parameter.
Npds Revolution 13.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »