Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web studio vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2015-0999
Schneider Electric InduSoft Web Studio prior to 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file.
Aveva Aveva Edge
Schneider-electric Wonderware Intouch 2014
4.3
CVSSv2
CVE-2014-9094
Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.
Digitalzoomstudio Video Gallery -
1 EDB exploit
4.3
CVSSv2
CVE-2014-4578
Cross-site scripting (XSS) vulnerability in asset-studio/icons-launcher.php in the WP App Maker plugin 1.0.16.4 and previous versions for WordPress allows remote malicious users to inject arbitrary web script or HTML via the uid parameter.
Wp App Maker Project Wp App Maker
4.3
CVSSv2
CVE-2014-3923
Multiple cross-site scripting (XSS) vulnerabilities in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote malicious users to inject arbitrary web script or HTML via the logoLink parameter to (1) preview.swf, (2) preview_skin_rouge.swf, (3) preview_allch...
Digitalzoomstudio Video Gallery -
7.5
CVSSv2
CVE-2014-0780
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote malicious users to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.
Indusoft Web Studio
Indusoft Web Studio 7.1
1 EDB exploit
6.8
CVSSv2
CVE-2014-1990
Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the web-based management utility) on TOSHIBA TEC e-Studio 232, 233, 282, and 283 devices allows remote malicious users to hijack the authentication of administrators for requests that change passwords.
Toshibatec E-studio-282 -
Toshibatec E-studio-232 -
Toshibatec E-studio-233 -
Toshibatec E-studio-283 -
1 EDB exploit
4.3
CVSSv2
CVE-2011-4193
Cross-site scripting (XSS) vulnerability in the overlay files tab in SUSE Studio Onsite 1.2 prior to 1.2.1 and SUSE Studio Extension for System z 1.2 prior to 1.2.1 allows remote malicious users to inject arbitrary web script or HTML via a crafted application, related to cloning.
Suse Studio Onsite 1.2
Suse Studio Extension For System Z 1.2
4.3
CVSSv2
CVE-2013-5042
Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x prior to 1.1.4 and 2.0.x prior to 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote malicious users to inject arbitrary web script or HTML via crafted Forever Frame transport protocol da...
Microsoft Asp.net Signalr 1.1.3
Microsoft Asp.net Signalr 1.1.0
Microsoft Asp.net Signalr 2.0.0
Microsoft Asp.net Signalr 1.1.2
Microsoft Asp.net Signalr 1.1.1
Microsoft Visual Studio Team Foundation Server 2013
7.5
CVSSv2
CVE-2013-4547
nginx 0.8.41 up to and including 1.4.3 and 1.5.x prior to 1.5.7 allows remote malicious users to bypass intended restrictions via an unescaped space character in a URI.
F5 Nginx
Suse Lifecycle Management Server 1.3
Suse Studio Onsite 1.3
Suse Webyast 1.3
Opensuse Opensuse 11.4
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
1 EDB exploit
1 Github repository
1.9
CVSSv2
CVE-2013-4025
IBM Data Studio Web Console 3.x prior to 3.2, Optim Performance Manager 5.x prior to 5.2, InfoSphere Optim Configuration Manager 2.x prior to 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplete attribute for the login-password field, which makes it easier for remote ...
Ibm Infosphere Optim Configuration Manager 2.1
Ibm Data Studio Web Console 3.1.0
Ibm Db2 Recovery Expert 2.0
Ibm Infosphere Optim Configuration Manager 2.0
Ibm Optim Performance Manager 5.1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »