Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
skill vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2021-42022
A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Package (All versions < V21.00 SP3). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a locatio...
Siemens Simatic Easie Pcs 7 Skill
Siemens Simatic Easie Pcs 7 Skill 21.00
7.5
CVSSv3
CVE-2013-1924
Commerce Skrill (Formerly Moneybookers) has an Access bypass vulnerability in all versions before 7.x-1.2
Skill Commerce Skrill
NA
CVE-2005-2440
SQL injection vulnerability in login.asp in Thomson Web Skill Vantage Manager allows remote malicious users to execute arbitrary SQL commands via the svmPassword parameter.
Thomson Netg Web Skill Vantage Manager 2.5
3.3
CVSSv3
CVE-2018-11567
before 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds, the device can speak a reprompt, then wait an additional 8 seconds for input; if ...
Amazon Echo Show Firmware
Amazon Echo Plus Firmware
Amazon Echo Dot Firmware
Amazon Echo Spot Firmware
Amazon Echo Firmware
9.8
CVSSv3
CVE-2022-25809
Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote attackers) or by pairing a malicious Bluetooth device (in the case of physically prox...
Amazon Echo Dot Firmware -
1 Article
6.1
CVSSv3
CVE-2023-3753
A vulnerability classified as problematic has been found in Creativeitem Mastery LMS 1.2. This affects an unknown part of the file /browse. The manipulation of the argument search/featured/recommended/skill leads to cross site scripting. It is possible to initiate the attack remo...
Creativeitem Mastery Lms 1.2
9.8
CVSSv3
CVE-2017-3221
Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote malicious users to access user credentials, including user names and passwords.
Inmarsat Amosconnect 8 8.2.1
Inmarsat Amosconnect 8 8.2.2
Inmarsat Amosconnect 8 8.0.2
Inmarsat Amosconnect 8 8.2.0
Inmarsat Amosconnect 8 8.0
Inmarsat Amosconnect 8 8.3.0
Inmarsat Amosconnect 8 8.3.1
Inmarsat Amosconnect 8 8.0.1
Inmarsat Amosconnect 8 8.4.0
Inmarsat Amosconnect 8 8.4.0.1
9.8
CVSSv3
CVE-2017-3222
Hard-coded credentials in AmosConnect 8 allow remote malicious users to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager.
Inmarsat Amosconnect 8.0
Inmarsat Amosconnect 8.0.1
Inmarsat Amosconnect 8.0.2
Inmarsat Amosconnect 8.2.0
Inmarsat Amosconnect 8.2.1
Inmarsat Amosconnect 8.2.2
Inmarsat Amosconnect 8.3.0
Inmarsat Amosconnect 8.3.1
Inmarsat Amosconnect 8.4.0
Inmarsat Amosconnect 8.4.0.1
NA
CVE-2002-0606
Buffer overflow in 3Cdaemon 2.0 FTP server allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via long commands such as login.
3com 3cdaemon 2.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started