Vulmon
unauthorized vulnerabilities and exploits
5.8
CVSSv2
CVE-2017-12262
A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent malicious user to gain privileged access to services only available on the internal network of the devi...
Cisco Application Policy Infrastructure Controller Enterprise Module
7.6
CVSSv2
CVE-2003-0332
The ISAPI extension in BadBlue 1.7 up to and including 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote malicious users to bypass authentication via a filename with a .ats extension i...
Working Resources Inc. Badblue
1 EDB exploit
9.3
CVSSv2
CVE-2010-2860
The EMC Celerra Network Attached Storage (NAS) appliance accepts external network traffic to IP addresses intended for an intranet network within the appliance, which allows remote malicious users to read, create, or modify arbitrary files in the user data directory via NFS reque...
Emc Celerra Network Attached Storage
1 EDB exploit
7.5
CVSSv2
CVE-2002-1217
Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote malicious users to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which byp...
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
1 EDB exploit
10
CVSSv2
CVE-2007-2429
ManageEngine PasswordManager Pro (PMP) allows remote malicious users to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the "-port 2345" and "-u root" arguments. NOTE: the provenance of t...
Manageengine Passwordmanager Pro
1 EDB exploit
5
CVSSv2
CVE-2004-2451
Roger Wilco 1.4.1.6 and previous versions, or Roger Wilco Base Station 0.30a or earlier, allows remote malicious users to send audio to arbitrary channels, aka the "Voices from the deep" bug.
1 EDB exploit
10
CVSSv2
CVE-2020-7136
A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) before 8.5.6. Please visit the HPE S...
Hpe Smart Update Manager
7.2
CVSSv2
CVE-2015-5602
sudoedit in Sudo prior to 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."
Sudo Project Sudo
1 EDB exploit
2 Github repositories
4
CVSSv2
CVE-2015-6344
The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9.3(4.1.11) allows remote authenticated users to bypass intended access restrictions and obtain sensitive user information via an unspecified HTTP request, aka Bug ID CSCuv74105.
Cisco Asa Cx Context-aware Security Software 9.3.4.1.11
5
CVSSv2
CVE-2002-0300
gnujsp 1.0.0 and 1.0.1 allows remote malicious users to list directories, read source code of certain scripts, and bypass access restrictions by directly requesting the target file from the gnujsp servlet, which does not work around a limitation of JServ and does not process the ...
Gnujsp Gnujsp 1.0.0
Gnujsp Gnujsp 1.0.1
1 EDB exploit