Vulmon
arbitrary vulnerabilities and exploits
9.8
CVSSv3
CVE-2016-4010
Magento CE and EE prior to 2.0.6 allows remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.
Magento Magento
1 EDB exploit
3 Github repositories
1 Article
NA
CVE-2008-4509
Unrestricted file upload vulnerability in processFiles.php in FOSS Gallery Admin and FOSS Gallery Public 1.0 beta allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the ro...
Foss Gallery Foss Gallery 1.0
3 EDB exploits
NA
CVE-2001-0653
Sendmail 8.10.0 up to and including 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number.
Sendmail Sendmail 8.12
Sendmail Sendmail 8.11.0
Sendmail Sendmail 8.11.1
Sendmail Sendmail 8.11.2
Sendmail Sendmail 8.11.3
Sendmail Sendmail 8.11.4
Sendmail Sendmail 8.11.5
4 EDB exploits
NA
CVE-2005-3927
Multiple directory traversal vulnerabilities in GuppY 4.5.9 and previous versions allow remote malicious users to read and include arbitrary files via (1) the meskin parameter to admin/editorTypetool.php, or the lng parameter to the in admin/inc scripts (2) archbatch.php, (3) dbb...
Guppy Guppy 4.5.3a
Guppy Guppy 4.5.4
Guppy Guppy 4.5.9
Guppy Guppy 4.5
Guppy Guppy 4.5.3
4 EDB exploits
7.5
CVSSv3
CVE-2017-5630
PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.
Php Pear 1.10.1
1 EDB exploit
7.8
CVSSv3
CVE-2019-13623
In NSA Ghidra prior to 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its filename. This allows malicious users to overwrite arbitrary files in scenarios where a...
Nsa Ghidra
1 EDB exploit
NA
CVE-2015-6923
The ndvbs module in VBox Communications Satellite Express Protocol 2.3.17.3 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x00000ffd ioctl call.
Vboxcomm Satellite Express Protocol 2.3.17.3
1 EDB exploit
8.8
CVSSv3
CVE-2015-6568
Wolf CMS prior to 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploadi...
Wolfcms Wolf Cms
2 EDB exploits
NA
CVE-2011-2745
upload_handler.php in the swfupload extension in Chyrp 2.0 and previous versions relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users to upload a .php file, and consequently execute arbitrary PHP code, vi...
Chyrp Chyrp
1 EDB exploit
8.8
CVSSv3
CVE-2015-6567
Wolf CMS prior to 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exploitation requires a registered user who has access to upload functio...
Wolfcms Wolf Cms
2 EDB exploits