Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zeroscience.mk vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2021-2654929
SmartFoxServer 2X version 2.17.0 suffers from a God Mode Console cross site scripting vulnerability.
5.5
CVSSv3
CVE-2021-26550
An issue exists in SmartFoxServer 2.17.0. Cleartext password disclosure can occur via /config/server.xml.
Smartfoxserver Smartfoxserver 2.17.0
8.8
CVSSv3
CVE-2021-26551
An issue exists in SmartFoxServer 2.17.0. An attacker can execute arbitrary Python code, and bypass the javashell.py protection mechanism, by creating /config/ConsoleModuleUnlock.txt and editing /config/admin/admintool.xml to enable the Console module.
Smartfoxserver Smartfoxserver 2.17.0
NA
CVE-2022-3475327
Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) versions 1.31.460 and below suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user via the name GET parameter in delsnap....
NA
CVE-2015-528521
Kallithea suffers from a HTTP header injection (response splitting) vulnerability because it fails to properly sanitize user input before using it as an HTTP header value via the GET 'came_from' parameter in the login instance. This type of attack not only allows a mali...
8.8
CVSSv3
CVE-2022-34753
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote root exploit when the command is compromised. Affected Products: SpaceLogic C-Bus Home Controller (5200WHC2), formerly known...
Schneider-electric Spacelogic C-bus Home Controller Firmware
1 Github repository
5.4
CVSSv3
CVE-2021-26549
An XSS issue exists in SmartFoxServer 2.17.0. Input passed to the AdminTool console is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site.
Smartfoxserver Smartfoxserver 2.17.0
NA
CVE-2021-2655129
SmartFoxServer 2X version 2.17.0 suffers from a God Mode Console remote code execution vulnerability.
NA
CVE-2017-964030
Automated Logic WebCTRL version 6.1 suffers from path traversal and arbitrary file write vulnerabilities.
NA
CVE-2017-964430
Automated Logic WebCTRL version 6.5 suffers from an insecure file permission privilege escalation vulnerability.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »