Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

man-in-the-middle vulnerabilities and exploits

(subscribe to this query)

5
CVSSv2
CVE-2005-0654
gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote attackers or local users to cause a denial of service (application crash) via the image descriptor (1) height or (2) width fields set to zero....
The Gimp Team Gimp 2.0.5The Gimp Team Gimp 2.2.3The Gimp Team Gimp 2.2.4
6.8
CVSSv2
CVE-2013-2696
Cross-site request forgery (CSRF) vulnerability in the All in One Webmaster plugin before 8.2.4 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences....
Crunchify All-in-on-webmaster 7.7.7Crunchify All-in-on-webmaster 8.0.0Crunchify All-in-on-webmaster 8.1Crunchify All-in-on-webmaster 8.2Crunchify All-in-on-webmaster 8.2.1Crunchify All-in-on-webmaster 8.2.2Crunchify All-in-on-webmaster
7.5
CVSSv2
CVE-2016-5579
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability...
Oracle Outside In Technology 8.4.0Oracle Outside In Technology 8.5.1Oracle Outside In Technology 8.5.2Oracle Outside In Technology 8.5.3
10
CVSSv2
CVE-2004-0262
Stack-based buffer overflow in The Palace 3.5 and earlier client allows remote attackers to execute arbitrary code via a link to a palace:// url followed by a long server address string....
The Palace The Palace Client 3.5
2.1
CVSSv2
CVE-2014-2690
Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows local users to obtain administrator credentials by reading the log....
Citrix Vdi-in-a-box 5.3.0Citrix Vdi-in-a-box 5.3.1Citrix Vdi-in-a-box 5.3.2Citrix Vdi-in-a-box 5.3.3Citrix Vdi-in-a-box 5.3.4Citrix Vdi-in-a-box 5.3.5Citrix Vdi-in-a-box 5.4.0Citrix Vdi-in-a-box 5.4.1Citrix Vdi-in-a-box 5.4.2
7.5
CVSSv2
CVE-2007-2424
PHP remote file inclusion vulnerability in help/index.php in The Merchant (themerchant) 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the show parameter....
The Merchant Project The Merchant 2.2
7.5
CVSSv2
CVE-2016-5577
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability...
Oracle Outside In Technology 8.4.0Oracle Outside In Technology 8.5.1Oracle Outside In Technology 8.5.2Oracle Outside In Technology 8.5.3
7.5
CVSSv2
CVE-2016-5588
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability...
Oracle Outside In Technology 8.4.0Oracle Outside In Technology 8.5.1Oracle Outside In Technology 8.5.2Oracle Outside In Technology 8.5.3
4.3
CVSSv2
CVE-2014-8304
Cross-site scripting (XSS) vulnerability in In-Portal CMS 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the next_template parameter to admin/index.php....
In-portal In-portal
6.8
CVSSv2
CVE-2009-4986
Directory traversal vulnerability in index.php in In-Portal 4.3.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the env parameter....
In-portal In-portal 4.3.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
wirelesstoodeequinn projecttype confusionCVE-2021-26857scratchpadCVE-2020-29020man-in-the-middleibmCVE-2021-26971CVE-2021-28032CVE-2021-21725CVE-2021-26855