Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
st vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-3942
An 'SQL Injection' vulnerability, due to improper neutralization of special elements used in SQL commands, exists in ZKTeco-based OEM devices. This vulnerability allows an malicious user to, in some cases, impersonate another user or perform unauthorized actions. In oth...
NA
CVE-2023-3941
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM17...
NA
CVE-2023-3940
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to access any file on the system. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1...
NA
CVE-2023-3938
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database. This issue affects ZkTeco-based OEM devices (ZkTeco Pr...
NA
CVE-2023-3939
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superuser, their impact is the maximum...
NA
CVE_2021_31630
cve-2021-31630 OpenPLC WebServer v3 - Authenticated RCE This PoC script is based on the exploit provided by Fellipe Oliveira. Features : Directly uploads C code to /hardware instead of st file upload Restores default program before uploading reverse shell Improved C based revers...
1 Github repository
NA
CVE-2020-240341
Sagemcom F@ST 5280 routers using firmware version 1.150.61, and possibly others, have an insecure deserialization vulnerability that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sess_id, nonce, and ha1 values in...
NA
CVE-2019-95551
Sagemcom F@st 5260 routers on firmware version 0.4.39 (and possibly others), in WPA mode, default to using a PSK that is generated from a 2-part wordlist of known values and a nonce with insufficient entropy. The number of possible PSKs is about 1.78 billion, which is too small.
NA
CVE-2015-6359
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote malicious users to cause a denial of service (memory consumption or device crash) via a flood of crafted ND messages, aka ...
Cisco Ios 15.2\\(4\\)st
Cisco Ios 15.2\\(4\\)pi
Cisco Ios 15.2\\(4\\)e
Cisco Ios 15.3\\(3\\)s0.1
Cisco Ios 15.2\\(5\\)st
NA
CVE-2013-5218
Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote malicious users to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not properly handled during rendering of the DHCP table in wlanAccess.asp.
Hot Hotbox Router Firmware 2.1.11
Hot Hotbox Router -
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »