Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arbitrary vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-3507
Directory traversal vulnerability in CuteNews 1.4.1 allows remote malicious users to include arbitrary files, execute code, and gain privileges via "../" sequences in the template parameter to (1) show_archives.php and (2) show_news.php.
Cutephp Cutenews
2 EDB exploits
NA
CVE-2008-6178
Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote malicious users to execute arbitrary code by creating a file with PHP sequences preceded by...
Phplist Phplist 2.10.1
Fckeditor Fckeditor 2.4.3
Phplist Phplist 2.10.5
Phplist Phplist 2.10.4
Fckeditor Fckeditor 2.3beta
Fckeditor Fckeditor 2.0rc2
Fckeditor Fckeditor 2.0rc3
Fckeditor Fckeditor 2.2
Phplist Phplist 2.10.3
Phplist Phplist 2.10.2
Phplist Phplist 2.10.6
2 EDB exploits
NA
CVE-2012-1661
ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and previous versions does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote malicious users to execute arbitrary VBA code via a crafted map (.mxd) file.
Esri Arcgis
Esri Arcgis 9.0
Esri Arcmap 9.0
1 EDB exploit
8.8
CVSSv3
CVE-2017-14704
Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct ...
Claydip Airbnb Clone 1.0
1 EDB exploit
NA
CVE-2007-1149
Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote malicious users to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI.
Lovecms Lovecms 1.4
2 EDB exploits
NA
CVE-2005-1629
SQL injection vulnerability in member.php for Photopost PHP Pro allows remote malicious users to execute arbitrary SQL commands via the verifykey parameter.
Photopost Photopost Php Pro 3.1
Photopost Photopost Php Pro 3.2
Photopost Photopost Php Pro 5.0 Rc3
Photopost Photopost Php Pro 4.0
Photopost Photopost Php Pro 4.6
Photopost Photopost Php Pro 3.3
Photopost Photopost Php Pro 4.1
Photopost Photopost Php Pro 4.8.1
1 EDB exploit
NA
CVE-2009-4050
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 allows remote malicious users to read arbitrary files via directory traversal sequences in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third p...
Phpmybackuppro Phpmybackuppro 2.1
1 EDB exploit
8.8
CVSSv3
CVE-2017-14840
TeamWork TicketPlus allows Arbitrary File Upload in updateProfile.
Teamworktec Ticketplus -
1 EDB exploit
NA
CVE-2005-0691
PHP remote file inclusion vulnerability in article mode for modules.php in SocialMPN allows remote malicious users to execute arbitrary PHP code by modifying the name parameter to reference a URL on a remote web server that contains the code.
Socialmpn Socialmpn 1.2.3
Socialmpn Socialmpn 1.2.4
Socialmpn Socialmpn 1.2.5
Socialmpn Socialmpn 1.2.1
Socialmpn Socialmpn 1.2.2
1 EDB exploit
NA
CVE-2010-5099
The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x prior to 4.2.16, 4.3.x prior to 4.3.9, and 4.4.x prior to 4.4.5 does not properly filter file types, which allows remote malicious users to bypass intended access restrictions and access arb...
Typo3 Typo3 4.2.0
Typo3 Typo3 4.2.7
Typo3 Typo3 4.2.8
Typo3 Typo3 4.2.15
Typo3 Typo3 4.2.3
Typo3 Typo3 4.2.4
Typo3 Typo3 4.2.11
Typo3 Typo3 4.2.12
Typo3 Typo3 4.2.5
Typo3 Typo3 4.2.6
Typo3 Typo3 4.2.13
Typo3 Typo3 4.2.14
Typo3 Typo3 4.2.1
Typo3 Typo3 4.2.2
Typo3 Typo3 4.2.9
Typo3 Typo3 4.2.10
Typo3 Typo3 4.3.7
Typo3 Typo3 4.3.8
Typo3 Typo3 4.3.2
Typo3 Typo3 4.3.3
Typo3 Typo3 4.3.4
Typo3 Typo3 4.3.5
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »