Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pydio pydio vulnerabilities and exploits
(subscribe to this query)
436
VMScore
CVE-2019-10049
It is possible for an attacker with regular user access to the web application of Pydio up to and including 8.2.2 to trick an administrator user into opening a link shared through the application, that in turn opens a shared file that contains JavaScript code (that is executed in...
Pydio Pydio
890
VMScore
CVE-2015-3431
Pydio (formerly AjaXplorer) prior to 6.0.7 allows remote malicious users to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities."
Pydio Pydio
890
VMScore
CVE-2013-4267
Ajaxeplorer prior to 5.0.1 allows remote malicious users to execute arbitrary commands via shell metacharacters in the (1) archive_name parameter to the Power FS module (plugins/action.powerfs/class.PowerFSController.php), a (2) file name to the getTrustSizeOnFileSystem function ...
Pydio Pydio
570
VMScore
CVE-2019-10045
The "action" get_sess_id in the web application of Pydio up to and including 8.2.2 discloses the session cookie value in the response body, enabling scripts to get access to its value. This identifier can be reused by an malicious user to impersonate a user and perform ...
Pydio Pydio
312
VMScore
CVE-2019-10047
A stored XSS vulnerability exists in the web application of Pydio up to and including 8.2.2 that can be exploited by levering the file upload and file preview features of the application. An authenticated attacker can upload an HTML file containing JavaScript code and afterwards ...
Pydio Pydio
801
VMScore
CVE-2018-14772
Pydio 4.2.1 up to and including 8.2.1 has an authenticated remote code execution vulnerability in which an attacker with administrator access to the web application can execute arbitrary code on the underlying system via Command Injection.
Pydio Pydio
356
VMScore
CVE-2018-1999017
Pydio version 8.2.0 and previous versions contains a Server-Side Request Forgery (SSRF) vulnerability in plugins/action.updater/UpgradeManager.php Line: 154, getUpgradePath($url) that can result in an authenticated admin users requesting arbitrary URL's, pivoting requests th...
Pydio Pydio
756
VMScore
CVE-2018-1999018
Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution (RCE) vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow($nodeObject) that can result in An attacker gaining admin access and can then execute arbitrar...
Pydio Pydio
890
VMScore
CVE-2018-20718
In Pydio prior to 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference. An attacker either needs a "public link" of a file, or access to any unprivileged user account for creation of su...
Pydio Pydio
1 Github repository
578
VMScore
CVE-2019-20452
A problem was found in Pydio Core prior to 8.2.4 and Pydio Enterprise prior to 8.2.4. A PHP object injection is present in the page plugins/core.access/src/RecycleBinManager.php. An authenticated user with basic privileges can inject objects and achieve remote code execution.
Pydio Pydio
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »