Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arbitrary vulnerabilities and exploits
(subscribe to this query)
7.4
CVSSv3
CVE-2023-33291
In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. (It cannot be exploited with e-mail addresses or phone numbers that are registered in the appl...
Ebankit Ebankit 6
NA
CVE-2023-47268
PrusaSlicer versions 2.6.1 and below suffer from an arbitrary code execution vulnerability.
8.8
CVSSv3
CVE-2018-12256
admin/vqmods.app/vqmods.inc.php in LiteCart prior to 2.1.3 allows remote authenticated malicious users to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods&doc=vqmods request.
Litecart Litecart
NA
CVE-2014-9261
The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote malicious users to read arbitrary files via a .. (dot dot) in the path parameter to index.php.
Codologic Codoforum 2.5.1
1 EDB exploit
NA
CVE-2014-92611
Codoforum version 2.5.1 suffers from an arbitrary file download vulnerability.
8.8
CVSSv3
CVE-2017-17874
Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI.
Vanguard Project Marketplace Digital Products Php 1.4.0
1 EDB exploit
7.5
CVSSv3
CVE-2020-25540
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter.
Thinkadmin Thinkadmin 6.0
5 Github repositories
NA
CVE-2013-5984
Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber prior to 0.830 allows remote malicious users to delete arbitrary files via a .. (dot dot) in the file parameter.
Microweber Microweber
9.8
CVSSv3
CVE-2015-2780
Unrestricted file upload vulnerability in Berta CMS allows remote malicious users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
Berta Berta Cms
1 EDB exploit
NA
CVE-2014-9436
Absolute path traversal vulnerability in SysAid On-Premise prior to 14.4.2 allows remote malicious users to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile.
Sysaid Sysaid
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »