Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
secpod research vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-2299
Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) prior to 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Advantech Advantech Webaccess 5.0
Advantech Advantech Webaccess
Advantech Advantech Webaccess 6.0
1 EDB exploit
NA
CVE-2011-4722
Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote malicious users to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation.
Ipswitch Tftp Server 1.0.0.24
1 EDB exploit
NA
CVE-2011-3394
SQL injection vulnerability in findagent.php in MYRE Real Estate Software allows remote malicious users to execute arbitrary SQL commands via the page parameter.
Myrephp Myre Real Estate Software
1 EDB exploit
NA
CVE-2012-1466
The Traffic Grapher Server for NetMechanica NetDecision prior to 4.6.1 allows remote malicious users to obtain the source code of NtDecision script files with a .nd extension via an invalid version number in an HTTP request, as demonstrated using default.nd. NOTE: some of these d...
Netmechanica Netdecision
1 EDB exploit
NA
CVE-2012-1464
Dashboard Server for NetMechanica NetDecision prior to 4.6.1 allows remote malicious users to obtain the installation path via a request with a trailing "?" character, which causes Dashboard to attempt to access a non-existent resource. NOTE: some of these details are o...
Netmechanica Netdecision
1 EDB exploit
NA
CVE-2011-3393
Multiple cross-site scripting (XSS) vulnerabilities in findagent.php in MYRE Real Estate Software allow remote malicious users to inject arbitrary web script or HTML via the (1) country1, (2) state1, or (3) city1 parameter.
Myrephp Myre Real Estate Software
1 EDB exploit
NA
CVE-2012-1006
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote malicious users to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to st...
Apache Struts 2.0.14
Apache Struts 2.2.3
1 EDB exploit
NA
CVE-2012-1007
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote malicious users to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do ...
Apache Struts 1.3.10
1 EDB exploit
NA
CVE-2011-4720
Hillstone HS TFTP Server 1.3.2 allows remote malicious users to cause a denial of service (daemon crash) via a long filename in a (1) RRQ or (2) WRQ operation.
Hillstone Software Hs Tftp Server 1.3.2
1 EDB exploit
NA
CVE-2012-1005
Multiple cross-site scripting (XSS) vulnerabilities in Sphinx Software Mobile Web Server 3.1.2.47 allow remote malicious users to inject arbitrary web script or HTML via the comment parameter to a blog, as demonstrated using (1) Blog/MyFirstBlog.txt or (2) Blog/AboutSomething.txt...
Sphinx-soft Mobile Web Server 3.1.2.47
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »