Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
slidingwindow vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2015-1497
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote malicious users to execute arbitrary commands via a crafted request to TCP port 3465.
Persistent Systems Radia Client Automation 7.9
Persistent Systems Radia Client Automation 8.1
Persistent Systems Radia Client Automation 9.0
Persistent Systems Radia Client Automation 9.1
3 EDB exploits
9.3
CVSSv2
CVE-2018-5406
The Quest Kace K1000 Appliance, versions before 9.0.270, allows a remote malicious user to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. An unauthenticated, remote attacker could exploit this vulnerability to perform sensitive actions such as adding a ...
Quest Kace Systems Management Appliance Firmware
1 EDB exploit
9.3
CVSSv2
CVE-2013-3893
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote malicious users to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of ...
Microsoft Internet Explorer 11
Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
1 EDB exploit
6 Github repositories
8 Articles
9
CVSSv2
CVE-2016-9269
Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and previous versions allows authenticated, remote users with least privileges to run arbitrary commands on the sy...
Trendmicro Interscan Web Security Virtual Appliance
1 EDB exploit
7.5
CVSSv2
CVE-2015-4852
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote malicious users to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core....
Oracle Virtual Desktop Infrastructure
Oracle Weblogic Server 12.2.1.0.0
Oracle Weblogic Server 12.1.3.0.0
Oracle Weblogic Server 10.3.6.0.0
Oracle Weblogic Server 12.1.2.0.0
Oracle Storagetek Tape Analytics Sw Tool 2.3
2 EDB exploits
13 Github repositories
6.8
CVSSv2
CVE-2017-7851
D-Link DCS-936L devices with firmware prior to 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header.
D-link Dcs-936l
1 EDB exploit
6.8
CVSSv2
CVE-2017-7852
D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting ...
Dlink Dcs-2230l Firmware
Dlink Dcs-2310l Firmware
Dlink Dcs-2332l Firmware
Dlink Dcs-6010l Firmware
Dlink Dcs-7010l Firmware
Dlink Dcs-2530l Firmware
Dlink Dcs-930l Firmware
Dlink Dcs-932l Firmware
Dlink Dcs-934l Firmware
Dlink Dcs-942l Firmware
Dlink Dcs-931l Firmware
Dlink Dcs-933l Firmware
Dlink Dcs-5009l Firmware
Dlink Dcs-5010l Firmware
Dlink Dcs-5020l Firmware
Dlink Dcs-5000l Firmware
Dlink Dcs-5025l Firmware
Dlink Dcs-5030l Firmware
Dlink Dcs-2210l Firmware
Dlink Dcs-2136l Firmware
Dlink Dcs-2132l Firmware
Dlink Dcs-7000l Firmware
1 EDB exploit
6.8
CVSSv2
CVE-2017-6412
In Sophos Web Appliance (SWA) prior to 4.3.1.2, Session Fixation could occur, aka NSWA-1310.
Sophos Web Appliance
1 EDB exploit
5
CVSSv2
CVE-2018-1217
Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated malicious user to read ...
Dell Emc Avamar 7.5.0
Dell Emc Integrated Data Protection Appliance 2.0
Dell Emc Integrated Data Protection Appliance 2.1
Dell Emc Avamar 7.3.1
Dell Emc Avamar 7.4.1
1 EDB exploit
4
CVSSv2
CVE-2018-5404
The Quest Kace K1000 Appliance, versions before 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or ...
Quest Kace Systems Management Appliance Firmware
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »