zeroscience.mk vulnerabilities and exploits
NA
CVE-2015-771505
The Realtyna RPL application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. M...
8.8
CVSSv3
CVE-2020-15688
The HTTP Digest Authentication in the GoAhead web server prior to 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote malicious user to bypass authentication via capture-replay if TLS is not used to protect the underlying communication ...
Embedthis Goahead
NA
CVE-2017-964030
Automated Logic WebCTRL version 6.1 suffers from path traversal and arbitrary file write vulnerabilities.
NA
CVE-2017-964430
Automated Logic WebCTRL version 6.5 suffers from an insecure file permission privilege escalation vulnerability.
NA
CVE-2015-528521
Kallithea suffers from an HTTP header injection (response splitting) vulnerability because it fails to properly sanitize user input before using it as an HTTP header value via the GET 'came_from' parameter in the login instance. This type of attack not only allows a mali...
9.1
CVSSv3
CVE-2022-25359
On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files.
Iclinks Scadaflex Ii Firmware 1.01.01
Iclinks Scadaflex Ii Firmware 1.01.14
Iclinks Scadaflex Ii Firmware 1.02.01
Iclinks Scadaflex Ii Firmware 1.02.15
Iclinks Scadaflex Ii Firmware 1.02.20
Iclinks Scadaflex Ii Firmware 1.03.07
Iclinks Weblib 1.13
Iclinks Weblib 1.14
Iclinks Weblib 1.16
Iclinks Weblib 1.22
Iclinks Weblib 1.24
NA
CVE-2012-217203
IBM System Storage DS Storage Manager Profiler version 4.8.6 suffers from cross site scripting and remote SQL injection vulnerabilities.
NA
CVE-2011-2461
Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and 4.x prior to 4.6 allows remote malicious users to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains.
Adobe Flex Sdk 3.0
Adobe Flex Sdk 3.5a
Adobe Flex Sdk 3.6
Adobe Flex Sdk 3.0.1
Adobe Flex Sdk 3.1
Adobe Flex Sdk 3.2
Adobe Flex Sdk 4.0
Adobe Flex Sdk 4.1
Adobe Flex Sdk 3.4.1
Adobe Flex Sdk 3.5
Adobe Flex Sdk 3.3
Adobe Flex Sdk 3.4
Adobe Flex Sdk 4.5
Adobe Flex Sdk 4.5.1
13 Github repositories
1 Article
5.4
CVSSv3
CVE-2021-26549
An XSS issue exists in SmartFoxServer 2.17.0. Input passed to the AdminTool console is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in the context of an affected site.
Smartfoxserver Smartfoxserver 2.17.0
NA
CVE-2015-226909
Moodle suffers from persistent cross site scripting vulnerabilities. Input passed to the POST parameters 'config_title' and 'title' through index.php is not properly sanitized, allowing the attacker to execute HTML or JS code in the user's browser session on ...