Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web server vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2019-15746
SITOS six Build v6.2.1 allows an malicious user to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user.
Sitos Sitos Six 6.2.1
10
CVSSv2
CVE-2019-1913
Multiple vulnerabilities in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote malicious user to overflow a buffer, which then allows the execution of arbitrary code with root privileges on the underlying operatin...
Cisco Sf-220-24 Firmware
Cisco Sf220-24p Firmware
Cisco Sf220-48 Firmware
Cisco Sf220-48p Firmware
Cisco Sg220-26 Firmware
Cisco Sg220-26p Firmware
Cisco Sg220-28 Firmware
Cisco Sg220-28mp Firmware
Cisco Sg220-50 Firmware
Cisco Sg220-50p Firmware
Cisco Sg220-52 Firmware
1 EDB exploit
1 Article
10
CVSSv2
CVE-2019-14699
An issue exists on MicroDigital N-series cameras with firmware up to and including 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD we...
Microdigital Mdc-n4090 Firmware
Microdigital Mdc-n4090w Firmware
Microdigital Mdc-n2190v Firmware
10
CVSSv2
CVE-2018-14495
Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server ...
Vivotek Fd8136 Firmware 0301a
10
CVSSv2
CVE-2019-1821
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote malicious user to execute code with root-level privileges on the underlying operating system. This vu...
Cisco Prime Infrastructure
Cisco Evolved Programmable Network Manager
Cisco Network Level Service 3.0\\(0.0.83b\\)
2 EDB exploits
1 Github repository
1 Article
10
CVSSv2
CVE-2019-9505
The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary code with SYSTEM privile...
Printerlogic Print Management
10
CVSSv2
CVE-2018-5409
The PrinterLogic Print Management software, versions up to and including 18.3.1.96, updates and executes the code without sufficiently verifying the origin and integrity of the code. An attacker can execute malicious code by compromising the host server, performing DNS spoofing, ...
Printerlogic Print Management
10
CVSSv2
CVE-2018-17916
InduSoft Web Studio versions before 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions before 2017 SP2. A remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related action...
Aveva Indusoft Web Studio 8.0
Aveva Indusoft Web Studio 7.1
Aveva Indusoft Web Studio 8.1
Aveva Indusoft Web Studio 6.1
Aveva Edge 8.1
Aveva Intouch Machine Edition 2014 R2
10
CVSSv2
CVE-2018-17153
It exists that the Western Digital My Cloud device prior to 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full cont...
Western Digital My Cloud Wdbctl0020hwt Firmware
Western Digital My Cloud Pr4100
Western Digital My Cloud Pr2100 Firmware
Western Digital My Cloud Mirror Gen 2 Firmware
Western Digital My Cloud Mirror Firmware
Western Digital My Cloud Ex4100
Western Digital My Cloud Ex4 Firmware
Western Digital My Cloud Ex2100 Firmware
Western Digital My Cloud Ex2 Ultra Firmware
Western Digital My Cloud Ex2 Firmware
Western Digital My Cloud Dl4100 Firmware
Western Digital My Cloud Dl2100
1 Metasploit module
1 Article
10
CVSSv2
CVE-2018-6213
In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account.
D-link Dir-620 Firmware 1.0.3
D-link Dir-620 Firmware 1.0.37
D-link Dir-620 Firmware 1.3.1
D-link Dir-620 Firmware 1.3.3
D-link Dir-620 Firmware 1.3.7
D-link Dir-620 Firmware 1.4.0
D-link Dir-620 Firmware 2.0.22
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »