Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pydio pydio vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2015-3431
Pydio (formerly AjaXplorer) prior to 6.0.7 allows remote malicious users to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities."
Pydio Pydio
6.1
CVSSv3
CVE-2015-3432
Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly AjaXplorer) prior to 6.0.7 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors, aka "Pydio XSS Vulnerabilities."
Pydio Pydio
9.8
CVSSv3
CVE-2019-9642
An issue exists in proxy.php in pydio-core in Pydio up to and including 8.2.2. Through an unauthenticated request, it possible to evaluate malicious PHP code by placing it on the fourth line of a .php file, as demonstrated by a PoC.php created by the guest account, with execution...
Pydio Pydio
9.8
CVSSv3
CVE-2018-20718
In Pydio prior to 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference. An attacker either needs a "public link" of a file, or access to any unprivileged user account for creation of su...
Pydio Pydio
1 Github repository
6.5
CVSSv3
CVE-2019-10045
The "action" get_sess_id in the web application of Pydio up to and including 8.2.2 discloses the session cookie value in the response body, enabling scripts to get access to its value. This identifier can be reused by an malicious user to impersonate a user and perform ...
Pydio Pydio
5.4
CVSSv3
CVE-2019-10047
A stored XSS vulnerability exists in the web application of Pydio up to and including 8.2.2 that can be exploited by levering the file upload and file preview features of the application. An authenticated attacker can upload an HTML file containing JavaScript code and afterwards ...
Pydio Pydio
7.2
CVSSv3
CVE-2019-10048
The ImageMagick plugin that is installed by default in Pydio up to and including 8.2.2 does not perform the appropriate validation and sanitization of user supplied input in the plugin's configuration options, allowing arbitrary shell commands to be entered that result in co...
Pydio Pydio
7.3
CVSSv3
CVE-2019-10049
It is possible for an attacker with regular user access to the web application of Pydio up to and including 8.2.2 to trick an administrator user into opening a link shared through the application, that in turn opens a shared file that contains JavaScript code (that is executed in...
Pydio Pydio
6.1
CVSSv3
CVE-2018-1999016
Pydio version 8.2.0 and previous versions contains a Cross Site Scripting (XSS) vulnerability in ./core/vendor/meenie/javascript-packer/example-inline.php line 48; ./core/vendor/dapphp/securimage/examples/test.mysql.static.php lines: 114,118 that can result in an unauthenticated ...
Pydio Pydio
4.9
CVSSv3
CVE-2018-1999017
Pydio version 8.2.0 and previous versions contains a Server-Side Request Forgery (SSRF) vulnerability in plugins/action.updater/UpgradeManager.php Line: 154, getUpgradePath($url) that can result in an authenticated admin users requesting arbitrary URL's, pivoting requests th...
Pydio Pydio
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »