Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
name directory project name directory vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-2071
The Name Directory WordPress plugin prior to 1.25.4 does not have CSRF check when importing names, and is also lacking sanitisation as well as escaping in some of the imported data, which could allow malicious users to make a logged in admin import arbitrary names with XSS payloa...
Name Directory Project Name Directory
6.1
CVSSv3
CVE-2022-2072
The Name Directory WordPress plugin prior to 1.25.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the payload is also saved into the database after the request, it leads to a Stored XSS...
Name Directory Project Name Directory
8.8
CVSSv3
CVE-2023-22692
Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name Directory plugin <= 1.27.1 versions.
Name Directory Project Name Directory
8.8
CVSSv3
CVE-2021-20652
Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and previous versions allows remote malicious users to hijack the authentication of administrators via unspecified vectors.
Name Directory Project Name Directory
7.4
CVSSv3
CVE-2016-2087
Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name.
Hexchat Project Hexchat 2.11.0
1 EDB exploit
5.4
CVSSv3
CVE-2024-22548
FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system website settings website name section.
Flycms Project Flycms 1.0
6.1
CVSSv3
CVE-2018-3755
XSS in sexstatic <=0.6.2 causes HTML injection in directory name(s) leads to Stored XSS when malicious file is embed with <iframe> element used in directory name.
Sexstatic Project Sexstatic 0.6.0
Sexstatic Project Sexstatic 0.6.2
NA
CVE-2010-3998
The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and previous versions place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: Banshee might also be...
Banshee-project Banshee 1.0
Banshee-project Banshee 0.13.2
Banshee-project Banshee
Banshee-project Banshee 1.7.0
Banshee-project Banshee 1.6.0
Banshee-project Banshee 1.5.1
Banshee-project Banshee 1.5.0
Banshee-project Banshee 1.4.3
Banshee-project Banshee 1.4.2
Banshee-project Banshee 1.7.6
Banshee-project Banshee 1.7.5
Banshee-project Banshee 1.6.1
Banshee-project Banshee 1.5.6
Banshee-project Banshee 1.4
Banshee-project Banshee 1.7.4
Banshee-project Banshee 1.7.3
Banshee-project Banshee 1.5.5
Banshee-project Banshee 1.5.4
Banshee-project Banshee 1.2.1
Banshee-project Banshee 1.2
Banshee-project Banshee 1.7.2
Banshee-project Banshee 1.7.1
5.3
CVSSv3
CVE-2022-26315
qrcp up to and including 0.8.4, in receive mode, allows ../ Directory Traversal via the file name specified by the uploader.
Qrcp Project Qrcp
5.3
CVSSv3
CVE-2021-32842
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, it is not enforced that `_baseDirectory` ends with slash. If the _baseDirectory ...
Sharpziplib Project Sharpziplib
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »