Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sf vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-5948
Multiple cross-site scripting (XSS) vulnerabilities in main.php in SF-Shoutbox 1.2.1 up to and including 1.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) nick (aka Name) and (2) shout (aka Shout) parameters.
Script-fun Sf-shoutbox 1.2.1
Script-fun Sf-shoutbox 1.4
NA
CVE-2006-2167
Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, possibly in register.php, allows remote malicious users to inject arbitrary web script or HTML by setting the username field to contain JavaScript in the SRC attribute of an IMG element.
Sloughflash Sf-users 1.0
NA
CVE-2015-3974
EasyIO EasyIO-30P-SF controllers with firmware prior to 0.5.21 and 2.x prior to 2.0.5.21, as used in Accutrol, Bar-Tech Automation, Infocon/EasyIO, Honeywell Automation India, Johnson Controls, SyxthSENSE, Transformative Wave Technologies, Tridium Asia Pacific, and Tridium Europe...
Easyio Easyio-30p-sf Firmware
Easyio Easyio-30p-sf
NA
CVE-2008-6943
Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing Portal allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a recipe photo, then accessing it via a direct request to the file in pictures/.
Scriptsfeed Recipes Listing Portal
3 EDB exploits
NA
CVE-2008-6944
Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in cars_images/.
Scriptsfeed Auto Classifieds -
3 EDB exploits
NA
CVE-2008-6942
Unrestricted file upload vulnerability in ScriptsFeed Realtor Classifieds System (aka Real Estate Classifieds) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to...
Scriptsfeed Realtor Classifieds System -
3 EDB exploits
NA
CVE-2008-7040
SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for Wordpress allows remote malicious users to execute arbitrary SQL commands via the u parameter. NOTE: this issue was disclosed by an unreliable researcher, so the details might be in...
Yellowswordfish Simple Forum -
1 EDB exploit
8.6
CVSSv3
CVE-2018-0378
A vulnerability in the Precision Time Protocol (PTP) feature of Cisco Nexus 5500, 5600, and 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on an affected device. The vulnerabilit...
Cisco Nx-os 7.3\\(2\\)n1\\(0.8\\)
9.1
CVSSv3
CVE-2019-1912
A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote malicious user to upload arbitrary files. The vulnerability is due to incomplete authorization checks in the web management interface. An attac...
Cisco Sf-220-24 Firmware
Cisco Sf220-24p Firmware
Cisco Sf220-48 Firmware
Cisco Sf220-48p Firmware
Cisco Sg220-26 Firmware
Cisco Sg220-26p Firmware
Cisco Sg220-28 Firmware
Cisco Sg220-28mp Firmware
Cisco Sg220-50 Firmware
Cisco Sg220-50p Firmware
Cisco Sg220-52 Firmware
1 EDB exploit
1 Article
9.8
CVSSv3
CVE-2019-1913
Multiple vulnerabilities in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote malicious user to overflow a buffer, which then allows the execution of arbitrary code with root privileges on the underlying operatin...
Cisco Sf-220-24 Firmware
Cisco Sf220-24p Firmware
Cisco Sf220-48 Firmware
Cisco Sf220-48p Firmware
Cisco Sg220-26 Firmware
Cisco Sg220-26p Firmware
Cisco Sg220-28 Firmware
Cisco Sg220-28mp Firmware
Cisco Sg220-50 Firmware
Cisco Sg220-50p Firmware
Cisco Sg220-52 Firmware
1 EDB exploit
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »