Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
trustwave.com vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-7246
Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.4 and 1.1.0.5 allows remote malicious users to execute arbitrary code via a long string, as exploited in the wild in January 2014.
Daum Communications Daumgame Activex Control 1.1.0.5
Daum Communications Daumgame Activex Control 1.1.0.4
1 EDB exploit
6.5
CVSSv3
CVE-2012-1258
cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer prior to 9.0.1.19899 does not validate user permissions, which allow remote malicious users to add user accounts with administrator privileges via the newuser, pwd, and selectedUserGroup parame...
Plixer Scrutinizer Netflow \\& Sflow Analyzer
1 EDB exploit
9.8
CVSSv3
CVE-2012-1259
Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions prior to 9.0.1.19899, allow remote malicious users to execute arbitrary SQL commands via the (1) addip parameter to cgi-bin/scrut_fa_ex...
Plixer Scrutinizer Netflow \\& Sflow Analyzer
1 EDB exploit
6.1
CVSSv3
CVE-2012-1260
Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions prior to 9.0.1.19899, allows remote malicious users to inject arbitrary web script or HTML via the newUser p...
Plixer Scrutinizer Netflow \\& Sflow Analyzer
1 EDB exploit
6.1
CVSSv3
CVE-2012-1261
Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusions.cgi in Plixer International Scrutinizer NetFlow and sFlow Analyzer 8.6.2.16204 and other versions prior to 9.0.1.19899 allows remote malicious users to inject arbitrary web script or HTML via the standalone p...
Plixer Scrutinizer Netflow \\& Sflow Analyzer
1 EDB exploit
8.1
CVSSv3
CVE-2013-4862
MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page.
Micasaverde Veralite Firmware 1.5.408
1 EDB exploit
NA
CVE-2012-3951
The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and previous versions has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote malicious users to execute arbitrary SQL commands via a TCP sessi...
Sonicwall Scrutinizer
1 EDB exploit
NA
CVE-2010-4507
Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpot 2.0.0.0 R1679, and the ClearSpot 2.0.0.0 R1512 and R1786, with firmware 1.9.9.4 allow remote malicious users to hijack the authentication of administrators for requests that (1) execute arbitrary commands via...
Clear Ispot Firmware 1.9.9.4
Clear Ispot 2.0.0.0
Clear Clearspot Firmware 1.9.9.4
Clear Clearspot 2.0.0.0
1 EDB exploit
NA
CVE-2011-4899
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and previous versions does not ensure that the specified MySQL database service is appropriate, which allows remote malicious users to configure an arbitrary database via the dbhost and dbname parameters, ...
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.1
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 0.711
Wordpress Wordpress 3.1.4
Wordpress Wordpress 2.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 0.7
Wordpress Wordpress 2.1.3
Wordpress Wordpress 3.0
Wordpress Wordpress 2.8
1 EDB exploit
6.1
CVSSv3
CVE-2012-5193
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the path info to (1) stats/index.php or (2) newsletters/edition.php or the (3) username parameter to users/remind_p...
Bitweaver Bitweaver
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »