Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
storm vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-1612
Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote malicious users to execute arbitrary code via a long argument to the OnBeforeVideoDownload method, as exploited in the wild in April and May 2009. NOTE: some of...
Baofeng Storm 2.9
Baofeng Storm 2.8
Baofeng Storm 2.7.9 8
Baofeng Storm 3.9.4 27
Baofeng Storm 3.9.3 30
Baofeng Storm 3.9.4 17
Baofeng Storm 2.7.9 10
Baofeng Storm 3.9.3 25
2 EDB exploits
NA
CVE-2009-1807
Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and previous versions allows remote malicious users to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009.
Baofeng Storm 2.7.9 8
Baofeng Storm 2.8
Baofeng Storm 2.9
Baofeng Storm
Baofeng Storm 2.7.9 10
1 EDB exploit
8.8
CVSSv3
CVE-2017-9799
It was found that under some situations and configurations of Apache Storm 1.x prior to 1.0.4 and 1.1.x prior to 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user. In the worst case this could...
Apache Storm 1.0.2
Apache Storm 1.1
Apache Storm 1.0.1
Apache Storm 1.0.3
Apache Storm 1.0
NA
CVE-2010-2123
Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x prior to 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) city, (4) provstate (ak...
Speedtech Storm 5.x-1.x
Speedtech Storm 5.x-1.1
Speedtech Storm 5.x-1.8
Speedtech Storm 5.x-1.9
Speedtech Storm 5.x-1.4
Speedtech Storm 5.x-1.5
Speedtech Storm 5.x-1.13
Speedtech Storm 5.x-1.14
Speedtech Storm 5.x-1.2
Speedtech Storm 5.x-1.3
Speedtech Storm 5.x-1.10
Speedtech Storm 5.x-1.11
Speedtech Storm 5.x-1.12
Speedtech Storm 5.x-1.6
Speedtech Storm 5.x-1.7
Speedtech Storm 6.x-1.5
Speedtech Storm 6.x-1.6
Speedtech Storm 6.x-1.13
Speedtech Storm 6.x-1.14
Speedtech Storm 6.x-1.15
Speedtech Storm 6.x-1.22
Speedtech Storm 6.x-1.23
NA
CVE-2010-2158
Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x prior to 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stor...
Speedtech Storm 5.x-1.10
Speedtech Storm 5.x-1.12
Speedtech Storm 5.x-1.4
Speedtech Storm 5.x-1.6
Speedtech Storm 5.x-1.13
Speedtech Storm 5.x-1.14
Speedtech Storm 5.x-1.2
Speedtech Storm 5.x-1.3
Speedtech Storm 5.x-1.8
Speedtech Storm 5.x-1.9
Speedtech Storm 5.x-1.x
Speedtech Storm 5.x-1.1
Speedtech Storm 5.x-1.11
Speedtech Storm 5.x-1.5
Speedtech Storm 5.x-1.7
Speedtech Storm 6.x-1.11
Speedtech Storm 6.x-1.31
Speedtech Storm 6.x-1.9
Speedtech Storm 6.x-1.x
Speedtech Storm 6.x-1.5
Speedtech Storm 6.x-1.7
Speedtech Storm 6.x-1.24
NA
CVE-2009-4515
The Storm module 6.x prior to 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote malicious users to read node titles via unspecified vectors.
Speedtech Storm 6.x-1.x
Speedtech Storm 6.x-1.5
Speedtech Storm 6.x-1.23
Speedtech Storm 6.x-1.24
Speedtech Storm 6.x-1.16
Speedtech Storm 6.x-1.18
Speedtech Storm 6.x-1.10
Speedtech Storm 6.x-1.1
Speedtech Storm 6.x-1.0
Speedtech Storm 6.x-1.9
Speedtech Storm 6.x-1.8
Speedtech Storm 6.x-1.12
Speedtech Storm 6.x-1.13
Speedtech Storm 6.x-1.14
Speedtech Storm 6.x-1.15
Speedtech Storm 6.x-1.7
Speedtech Storm 6.x-1.6
Speedtech Storm 6.x-1.20
Speedtech Storm 6.x-1.21
Speedtech Storm 6.x-1.11
Speedtech Storm 6.x-1.3
Speedtech Storm 6.x-1.4
NA
CVE-2004-1566
Cross-site scripting (XSS) vulnerability in index.php in Silent Storm Portal 2.1 and 2.2 allows remote malicious users to execute arbitrary web script or HTML via the module parameter.
Silent-storm Silent-storm Portal 2.1
Silent-storm Silent-storm Portal 2.2
NA
CVE-2008-6383
SQL injection vulnerability in SpeedTech Organization and Resource Manager (Storm) 5.x prior to 5.x-1.14 and 6.x prior to 6.x-1.18, a module for Drupal, allows remote authenticated users with storm project access to execute arbitrary SQL commands via unspecified vectors.
Drupal Storm 5.x-1.13
Drupal Storm 5.x-1.7
Drupal Storm 5.x-1.4
Drupal Storm 6.x-1.16
Drupal Storm 6.x-1.15
Drupal Storm 6.x-1.14
Drupal Storm 6.x-1.7
Drupal Storm 6.x-1.8
Drupal Storm 6.x-1.x-dev
Drupal Storm 5.x-1.12
Drupal Storm 5.x-1.11
Drupal Storm 5.x-1.5
Drupal Storm 5.x-1.3
Drupal Storm 6.x-1.13
Drupal Storm 6.x-1.12
Drupal Storm 6.x-1.4
Drupal Storm 6.x-1.5
Drupal Storm 5.x-1.8
Drupal Storm 5.x-1.6
Drupal Storm 5.x-1.x-dev
Drupal Storm 6.x-1.17
Drupal Storm 6.x-1.9
7.5
CVSSv3
CVE-2019-0202
The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these ...
Apache Storm 0.9.1
Apache Storm 0.9.2
Apache Storm
NA
CVE-2002-1788
Format string vulnerability in the nn_exitmsg function in nn 6.6.0 up to and including 6.6.3 allows remote NNTP servers to execute arbitrary code via format strings in server responses.
Kim Storm Nn 6.6.3
Kim Storm Nn 6.6.0
Kim Storm Nn 6.6.2
Kim Storm Nn 6.6.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »