Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wolfgang hotwagner vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2017-3316
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox before 5.0.32 and before 5.1.14. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
Oracle Vm Virtualbox 5.0.30
Oracle Vm Virtualbox 5.1.12
1 EDB exploit
676
VMScore
CVE-2017-6445
The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely.
Openelec Openelec 6.0.3
Openelec Openelec 7.0.1
614
VMScore
CVE-2019-10143
It exists freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory norm...
Freeradius Freeradius
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Redhat Enterprise Linux 8.0
668
VMScore
CVE-2019-15741
An issue exists in GitLab Omnibus 7.4 up to and including 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation
Gitlab Omnibus
668
VMScore
CVE-2019-16885
In OkayCMS up to and including 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/ProductsView.php using the cookie price_filter, and second in api/Compariso...
Okay-cms Okaycms
445
VMScore
CVE-2020-9364
An issue exists in helpers/mailer.php in the Creative Contact Form extension 4.6.2 prior to 2019-12-03 for Joomla!. A directory traversal vulnerability resides in the filename field for uploaded attachments via the creativecontactform_upload parameter. An attacker could exploit t...
Creative-solutions Creative Contact Form 4.6.2
668
VMScore
CVE-2020-24913
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated malicious user to access the database by injecting SQL code via a crafted POST request.
Qcubed Qcubed
383
VMScore
CVE-2020-24912
A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated malicious users to steal sessions of authenticated users.
Qcubed Qcubed
668
VMScore
CVE-2020-24914
A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated malicious user to execute code via a crafted POST request.
Qcubed Qcubed
578
VMScore
CVE-2020-24036
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.
Fork-cms Fork Cms
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started