Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
unauthorized vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-27894
The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a function is ...
5
CVSSv2
CVE-2017-6624
A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote malicious user to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affect...
Cisco Ios 15.5\\(3\\)m
7.5
CVSSv2
CVE-2007-6414
admin/administrator.php in Adult Script 1.6 and previous versions sends a redirect to the web browser but does not exit, which allows remote malicious users to bypass authentication and obtain administrative credentials via a direct request. NOTE: this can be leveraged for arbitr...
Adultscript Adultscript 1.6
1 EDB exploit
7.5
CVSSv2
CVE-2002-1884
index.php in Py-Membres 3.1 allows remote malicious users to log in as an administrator by setting the pymembs parameter to "admin".
Py-membres Py-membres 3.1
1 EDB exploit
5
CVSSv2
CVE-2006-5428
rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote malicious users to bypass the GUI login and obtain sensitive information (ticket data) via a direct request.
Cerberus Cerberus Helpdesk 3.2.1
1 EDB exploit
5
CVSSv2
CVE-2017-15235
The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote malicious users to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.
Horde Groupware 5.2.21
1 EDB exploit
10
CVSSv2
CVE-2017-18001
Trustwave Secure Web Gateway (SWG) up to and including 11.8.0.27 allows remote malicious users to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI.
Trustwave Secure Web Gateway
1 EDB exploit
4.6
CVSSv2
CVE-2003-1169
DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows local users to bypass access restrictions by importing NukoInfo values in certain DATEV keys, which disables Nutzungskontrolle.
Datev Nutzungskontrolle 2.1
Datev Nutzungskontrolle 2.2
1 EDB exploit
7.5
CVSSv2
CVE-2002-0995
login.php for PHPAuction allows remote malicious users to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table.
Gianluca Baldo Phpauction 1.2
Gianluca Baldo Phpauction 1.3
Gianluca Baldo Phpauction 2.0
Gianluca Baldo Phpauction 2.1
1 EDB exploit
NA
CVE-2022-20857
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote malicious user to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnerabilities, see the D...
Cisco Nexus Dashboard
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29758
CVE-2023-42931
unauthorized
CVE-2024-1540
unprivileged
CVE-2023-24955
CVE-2024-20259
logic flaw
CVE-2024-20333
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »