Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zeroscience.mk vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-771505
The Realtyna RPL application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. M...
3.5
CVSSv2
CVE-2021-26549
An XSS issue exists in SmartFoxServer 2.17.0. Input passed to the AdminTool console is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site.
Smartfoxserver Smartfoxserver 2.17.0
6.8
CVSSv2
CVE-2020-15688
The HTTP Digest Authentication in the GoAhead web server prior to 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote malicious user to bypass authentication via capture-replay if TLS is not used to protect the underlying communication ...
Embedthis Goahead
10
CVSSv2
CVE-2020-12133
The Apros Evolution, ConsciusMap, and Furukawa provisioning systems up to and including 2.8.1 allow remote code execution because of javax.faces.ViewState Java deserialization.
Farukawa Electric Consciousmap
3.5
CVSSv2
CVE-2021-31583
Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: St...
Sipwise Next Generation Communication Platform 3.6.7
NA
CVE-2021-3158413
The Sipwise application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web si...
6.4
CVSSv2
CVE-2022-25359
On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files.
Iclinks Scadaflex Ii Firmware 1.01.01
Iclinks Scadaflex Ii Firmware 1.01.14
Iclinks Scadaflex Ii Firmware 1.02.01
Iclinks Scadaflex Ii Firmware 1.02.15
Iclinks Scadaflex Ii Firmware 1.02.20
Iclinks Scadaflex Ii Firmware 1.03.07
Iclinks Weblib 1.13
Iclinks Weblib 1.14
Iclinks Weblib 1.16
Iclinks Weblib 1.22
Iclinks Weblib 1.24
NA
CVE-2021-2654929
SmartFoxServer 2X version 2.17.0 suffers from a God Mode Console cross site scripting vulnerability.
2.1
CVSSv2
CVE-2021-26550
An issue exists in SmartFoxServer 2.17.0. Cleartext password disclosure can occur via /config/server.xml.
Smartfoxserver Smartfoxserver 2.17.0
6
CVSSv2
CVE-2021-26551
An issue exists in SmartFoxServer 2.17.0. An attacker can execute arbitrary Python code, and bypass the javashell.py protection mechanism, by creating /config/ConsoleModuleUnlock.txt and editing /config/admin/admintool.xml to enable the Console module.
Smartfoxserver Smartfoxserver 2.17.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »