web frontend vulnerabilities and exploits
9.8
CVSSv3
CVE-2021-30461
A remote code execution issue exists in the web UI of VoIPmonitor prior to 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected into config/configuration.php.
Voipmonitor Voipmonitor
3 Github repositories
9.8
CVSSv3
CVE-2020-12606
An issue exists in DB Soft SGLAC prior to 20.05.001. The ProcedimientoGenerico method in the SVCManejador.svc webservice of the SGLAC web frontend allows a malicious user to run arbitrary SQL commands on the SQL Server. Command execution can be easily achieved by using the xp_cm...
Dbsoft Sglac
9.8
CVSSv3
CVE-2019-12524
An issue exists in Squid up to and including 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maint...
Squid-cache Squid
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
9.8
CVSSv3
CVE-2019-12525
An issue exists in Squid 3.3.9 up to and including 3.5.28 and 4.x up to and including 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token'...
Squid-cache Squid
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.0
Opensuse Leap 15.1
Fedoraproject Fedora 29
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
9.8
CVSSv3
CVE-2019-11231
An issue exists in GetSimple CMS up to and including 3.3.15. Insufficient input sanitization in the theme-edit.php file allows upload of files with arbitrary content (PHP code, for example). This vulnerability is triggered by an authenticated user; however, authentication can be by...
Get-simple Getsimple Cms
1 EDB exploit
9.8
CVSSv3
CVE-2016-10134
SQL injection vulnerability in Zabbix prior to 2.2.14 and 3.0 prior to 3.0.4 allows remote malicious users to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.
Zabbix Zabbix 3.0.0
Zabbix Zabbix 3.0.2
Zabbix Zabbix
Zabbix Zabbix 3.0.3
Zabbix Zabbix 3.0.1
9.1
CVSSv3
CVE-2020-3158
A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote malicious user to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a def...
Cisco Smart Software Manager On-prem
1 Article
8.8
CVSSv3
CVE-2023-1109
In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full ...
Phoenixcontact Energy Axc Pu
Phoenixcontact Infobox Firmware
Phoenixcontact Smartrtu Axc Sg Firmware
Phoenixcontact Smartrtu Axc Ig Firmware
8.8
CVSSv3
CVE-2022-31086
LDAP Account Manager (LAM) is a web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions before 8.0, incorrect regular expressions allow PHP scripts to be uploaded to config/templates/pdf. This vulnerability could lead to a Remote Co...
Ldap-account-manager Ldap Account Manager
Debian Debian Linux 11.0
8.8
CVSSv3
CVE-2020-9474
The S. Siedle & Soehne SG 150-0 Smart Gateway prior to 1.2.4 allows remote code execution via the backup functionality in the web frontend. By using an exploit chain, an attacker with access to the network can get root access on the gateway.
Siedle Sg 150-0 Firmware