Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sec-consult.com vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2022-44013
An issue exists in Simmeth Lieferantenmanager prior to 5.6. An attacker can make various API calls without authentication because the password in a Credential Object is not checked.
Simmeth Lieferantenmanager
7.5
CVSSv3
CVE-2022-44017
An issue exists in Simmeth Lieferantenmanager prior to 5.6. Due to errors in session management, an attacker can log back into a victim's account after the victim logged out - /LMS/LM/#main can be used for this. This is due to the credentials not being cleaned from the local...
Simmeth Lieferantenmanager
8.8
CVSSv3
CVE-2020-8461
A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an malicious user to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token.
Trendmicro Interscan Web Security Virtual Appliance 6.5
7.5
CVSSv3
CVE-2020-8463
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an malicious user to bypass a global authorization check for anonymous users by manipulating request paths.
Trendmicro Interscan Web Security Virtual Appliance 6.5
7.5
CVSSv3
CVE-2020-8464
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an malicious user to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access.
Trendmicro Interscan Web Security Virtual Appliance 6.5
9.8
CVSSv3
CVE-2020-8465
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an malicious user to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root.
Trendmicro Interscan Web Security Virtual Appliance 6.5
9
CVSSv3
CVE-2020-16210
The affected product is vulnerable to reflected cross-site scripting, which may allow an malicious user to remotely execute arbitrary code and perform actions in the context of an attacked user on the N-Tron 702-W / 702M12-W (all versions).
Redlion N-tron 702-w Firmware
Redlion N-tron 702m12-w Firmware
8.8
CVSSv3
CVE-2021-39271
OrbiTeam BSCW Classic prior to 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3.
Bscw Bscw Classic
8.8
CVSSv3
CVE-2021-39279
Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WD...
Moxa Wac-2004 Firmware 1.7
Moxa Wac-1001 Firmware 2.1
Moxa Wac-1001-t Firmware 2.1
Moxa Oncell G3470a-lte-eu Firmware 1.7
Moxa Oncell G3470a-lte-eu-t Firmware 1.7
Moxa Tap-323-eu-ct-t Firmware 1.3
Moxa Tap-323-us-ct-t Firmware 1.3
Moxa Tap-323-jp-ct-t Firmware 1.3
Moxa Wdr-3124a-eu Firmware 2.3
Moxa Wdr-3124a-eu-t Firmware 2.3
Moxa Wdr-3124a-us Firmware 2.3
Moxa Wdr-3124a-us-t Firmware 2.3
8
CVSSv3
CVE-2017-6662
A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execu...
Cisco Evolved Programmable Network Manager 1.2.0
Cisco Evolved Programmable Network Manager 1.2.300
Cisco Evolved Programmable Network Manager 2.0.0
Cisco Prime Infrastructure 3.1
Cisco Evolved Programmable Network Manager 1.2.200
Cisco Prime Infrastructure 1.4.1
Cisco Prime Infrastructure 1.3.0.20
Cisco Prime Infrastructure 1.2.1
Cisco Prime Infrastructure 1.4.0.45
Cisco Prime Infrastructure 3.1\\(0.128\\)
Cisco Prime Infrastructure 3.2\\(0.0\\)
Cisco Prime Infrastructure 3.1\\(4.0\\)
Cisco Prime Infrastructure 2.2
Cisco Prime Infrastructure 1.2
Cisco Prime Infrastructure 2.2\\(2\\)
Cisco Prime Infrastructure 1.4.2
Cisco Prime Infrastructure 1.2.0.103
Cisco Prime Infrastructure 3.1.1
Cisco Prime Infrastructure 2.2\\(3\\)
Cisco Prime Infrastructure 3.0
Cisco Evolved Programmable Network Manager 2.0\\(4.0.45d\\)
Cisco Evolved Programmable Network Manager 1.2.500
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »