Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
unauthorized vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2015-6417
Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and previous versions does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CS...
Cisco Videoscape Distribution Suite Service Manager 3.4.0
Cisco Videoscape Distribution Suite Service Manager 3.2.0
Cisco Videoscape Distribution Suite Service Manager 3.0.0
Cisco Videoscape Distribution Suite Service Manager 3.1.0
Cisco Videoscape Distribution Suite Service Manager 3.3.0
6.5
CVSSv2
CVE-2015-6395
Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote malicious users to modify the configuration via a direct request, aka Bug ID CSCuw48188.
Cisco Prime Service Catalog 10.1 Base
Cisco Prime Service Catalog 10.0 Base
Cisco Prime Service Catalog 11.0 Base
Cisco Prime Service Catalog 10.0\\(r2\\) Base
10
CVSSv2
CVE-2017-12337
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote malicious user to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a ...
Cisco Prime License Manager -
Cisco Unity Connection -
Cisco Emergency Responder -
Cisco Unified Communications Manager Im And Presence Service -
Cisco Unified Communications Manager -
Cisco Finesse -
Cisco Mediasense -
Cisco Socialminer -
Cisco Unified Intelligence Center -
Cisco Hosted Collaboration Solution -
Cisco Unified Contact Center Express -
7.5
CVSSv2
CVE-2001-1188
mailto.exe in Brian Dorricott MAILTO 1.0.9 and previous versions allows remote malicious users to send SPAM e-mail through remote servers by modifying the sendto, email, server, subject, and resulturl hidden form fields.
Brian Dorricott Mailto 1.0.7
Brian Dorricott Mailto 1.0.8
Brian Dorricott Mailto 1.0.9
1 EDB exploit
3.3
CVSSv2
CVE-2019-1805
A vulnerability in certain access control mechanisms for the Secure Shell (SSH) server implementation for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent malicious user to access a CLI instance on an affected device. The vulnerability is due ...
Cisco Wireless Lan Controller Software 8.3\\(141.0\\)
5
CVSSv2
CVE-2016-1321
Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote malicious users to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an ...
Cisco Universal Small Cell Firmware R3.4 Base
Cisco Universal Small Cell Firmware R3.3 Base
Cisco Universal Small Cell Firmware R2.12 Base
Cisco Universal Small Cell Firmware R3.4 2.17
Cisco Universal Small Cell Firmware R3.4 2.1
Cisco Universal Small Cell Firmware R2.16 Base
Cisco Universal Small Cell Firmware R2.15 Base
Cisco Universal Small Cell Firmware R3.4 1.1
Cisco Universal Small Cell Firmware R3.5 Base
Cisco Universal Small Cell Firmware R2.14 Base
Cisco Universal Small Cell Firmware R2.13 Base
Cisco Universal Small Cell Firmware R3.2 Base
Cisco Universal Small Cell Firmware R2.17 Base
7.5
CVSSv2
CVE-2005-2729
The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote malicious users to bypass firewall rules and connect to local services.
Astaro Security Linux 6.001
1 EDB exploit
6.8
CVSSv2
CVE-2016-6377
Media Origination System Suite Software 2.6 and previous versions in Cisco Virtual Media Packager (VMP) allows remote malicious users to bypass authentication and make arbitrary Platform and Applications Manager (PAM) API calls via unspecified vectors, aka Bug ID CSCuz52110.
Cisco Media Origination System Suite 2.3 Base
Cisco Media Origination System Suite 2.3\\(7\\)
Cisco Media Origination System Suite 2.3\\(8\\)
Cisco Media Origination System Suite 2.4\\(1\\)
Cisco Media Origination System Suite 2.3\\(2\\)
Cisco Media Origination System Suite 2.3\\(6\\)
Cisco Media Origination System Suite 2.6 Base
Cisco Media Origination System Suite 2.3\\(1\\)
Cisco Media Origination System Suite 2.4 Base
Cisco Media Origination System Suite 2.5 Base
Cisco Media Origination System Suite 2.5\\(0\\)
Cisco Media Origination System Suite 2.5\\(1\\)
10
CVSSv2
CVE-2014-0721
The Cisco Unified SIP Phone 3905 with firmware prior to 9.4(1) allows remote malicious users to obtain root access via a session on the test interface on TCP port 7870, aka Bug ID CSCuh75574.
Cisco Unified Sip Phone 3905 -
5
CVSSv2
CVE-2002-0922
CGIScript.net csNews.cgi allows remote malicious users to obtain database files via a direct URL-encoded request to (1) default%2edb or (2) default%2edb.style, or remote authenticated users to perform administrative actions via (3) a database parameter set to default%2edb.
Cgiscript.net Csnews 1.0
Cgiscript.net Csnews 1.0 Professional
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »