Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

file away project file away vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2023-0431
The File Away WordPress plugin up to and including 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
File Away Project File Away
755
VMScore
CVE-2005-2103
Buffer overflow in the AIM and ICQ module in Gaim prior to 1.5.0 allows remote malicious users to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n.
Gaim Project Gaim
NA
CVE-2022-36667
Garage Management System 1.0 is vulnerable to the Remote Code Execution (RCE) due to the lack of filtering from the file upload function. The vulnerability exist during adding parts and from the upload function, the attacker can upload PHP Reverse Shell straight away to gain RCE.
Garage Management System Project Garage Management System 1.0
445
VMScore
CVE-2011-3848
Directory traversal vulnerability in Puppet 2.6.x prior to 2.6.10 and 2.7.x prior to 2.7.4 allows remote malicious users to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject o...
Puppet Puppet 2.6.2Puppet Puppet 2.6.3Puppetlabs Puppet 2.7.0Puppetlabs Puppet 2.7.1Puppet Puppet 2.6.0Puppet Puppet 2.6.1Puppet Puppet 2.6.8Puppet Puppet 2.6.9Puppet Puppet 2.6.6Puppet Puppet 2.6.7Puppet Puppet 2.6.4Puppet Puppet 2.6.5Puppet Puppet 2.7.2Puppet Puppet 2.7.3
561
VMScore
CVE-2011-3869
Puppet 2.7.x prior to 2.7.5, 2.6.x prior to 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.
Puppetlabs Puppet 2.7.0Puppet Puppet 2.7.3Puppet Puppet 2.6.1Puppet Puppet 2.6.8Puppet Puppet 2.7.2Puppetlabs Puppet 2.7.1Puppet Puppet 2.6.3Puppet Puppet 2.6.2Puppet Puppet 2.6.9Puppet Puppet 2.6.4Puppet Puppet 2.6.5Puppet Puppet 2.6.10Puppet Puppet 2.7.4Puppet Puppet 2.6.0Puppet Puppet 2.6.7Puppet Puppet 2.6.6Puppet Puppet 0.25.1Puppet Puppet 0.25.2Puppet Puppet 0.25.3Puppet Puppet 0.25.0Puppet Puppet 0.25.6Puppet Puppet 0.25.4
561
VMScore
CVE-2011-3870
Puppet 2.7.x prior to 2.7.5, 2.6.x prior to 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.
Puppetlabs Puppet 2.7.0Puppet Puppet 2.7.4Puppet Puppet 2.6.2Puppet Puppet 2.6.1Puppet Puppet 2.7.2Puppetlabs Puppet 2.7.1Puppet Puppet 2.6.4Puppet Puppet 2.6.3Puppet Puppet 2.6.10Puppet Puppet 2.6.0Puppet Puppet 2.6.6Puppet Puppet 2.6.5Puppet Puppet 2.7.3Puppet Puppet 2.6.9Puppet Puppet 2.6.8Puppet Puppet 2.6.7Puppet Puppet 0.25.3Puppet Puppet 0.25.2Puppet Puppet 0.25.4Puppet Puppet 0.25.5Puppet Puppet 0.25.1Puppet Puppet 0.25.0
552
VMScore
CVE-2011-3871
Puppet 2.7.x prior to 2.7.5, 2.6.x prior to 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.
Puppet Puppet 2.7.2Puppetlabs Puppet 2.7.1Puppet Puppet 2.6.4Puppet Puppet 2.6.3Puppet Puppet 2.6.10Puppet Puppet 2.6.0Puppet Puppet 2.6.6Puppet Puppet 2.6.5Puppetlabs Puppet 2.7.0Puppet Puppet 2.7.4Puppet Puppet 2.6.2Puppet Puppet 2.6.1Puppet Puppet 2.7.3Puppet Puppet 2.6.9Puppet Puppet 2.6.8Puppet Puppet 2.6.7Puppet Puppet 0.25.4Puppet Puppet 0.25.5Puppet Puppet 0.25.3Puppet Puppet 0.25.2Puppet Puppet 0.25.1Puppet Puppet 0.25.0
445
VMScore
CVE-2005-2370
Multiple "memory alignment errors" in libgadu, as used in ekg prior to 1.6rc2, Gaim prior to 1.5.0, and other packages, allows remote malicious users to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message.
Ekg Ekg 2005-04-11Ekg Ekg 2005-06-05Rob Flynn GaimEkg Ekg 1.3Ekg Ekg 1.4Ekg Ekg 1.1Ekg Ekg 1.5Ekg Ekg 1.6 Rc1
1000
VMScore
CVE-2021-44228
Apache Log4j2 2.0-beta9 up to and including 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can contr...
Apache Log4j 2.0Apache Log4jSiemens Sppa-t3000 Ses3000 FirmwareSiemens Logo\\! Soft ComfortSiemens Spectrum Power 4 4.70Siemens Spectrum Power 4Siemens Siveillance Control ProSiemens Energyip Prepay 3.7Siemens Energyip Prepay 3.8Siemens Siveillance Identity 1.6Siemens Siveillance Identity 1.5Siemens Siveillance CommandSiemens Sipass Integrated 2.85Siemens Sipass Integrated 2.80Siemens Head-end System Universal Device Integration SystemSiemens Gma-managerSiemens Energyip 8.5Siemens Energyip 8.6Siemens Energyip 8.7Siemens Energyip 9.0Siemens Energy Engage 3.1Siemens E-car Operation Center
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook