Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
avatar vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-7157
Unrestricted file upload vulnerability in EkinBoard 1.1.0 and previous versions allows remote malicious users to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in upl...
Ekinboard Ekinboard
1 EDB exploit
NA
CVE-2007-2236
footer.php in PunBB 1.2.14 and previous versions allows remote malicious users to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file...
Punbb Punbb
5.3
CVSSv3
CVE-2021-26081
REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 prior to 8.13.6, and from version 8.14.0 prior to 8.16.1 allows remote malicious users to enumerate usernames via a Sensitive Data Exposure vulnerability in the `/rest/api/latest/user...
Atlassian Data Center
Atlassian Jira Data Center
Atlassian Jira
Atlassian Jira Server
9.8
CVSSv3
CVE-2021-41661
Church Management System version 1.0 is affected by a SQL anjection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell.
Church Management System Project Church Management System 1.0
NA
CVE-2005-2817
Simple Machines Forum (SMF) 1-0-5 and previous versions supports the use of URLs for avatar images, which allows remote malicious users to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server.
Simple Machines Simple Machines Forum 1.0.5
NA
CVE-2008-3415
Directory traversal vulnerability in common.php in CMScout 2.05, when .htaccess is not supported, allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the bit parameter, as demonstrated by an upload to avatar/ of a .jpg f...
Cmscout Cmscout 2.05
1 EDB exploit
NA
CVE-2009-1659
Unrestricted file upload vulnerability in admin/uploadimage.php in eLitius 1.0 allows remote malicious users to bypass intended access restrictions and upload and execute arbitrary files via an avatar file with an accepted Content-Type such as image/gif, then requesting the file ...
Intelliants Elitius 1.0
1 EDB exploit
6.5
CVSSv3
CVE-2019-20897
The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote malicious users to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 prior to 8.6.2, and from version 8.7.0 pri...
Atlassian Jira
Atlassian Jira Server
Atlassian Jira Software Data Center
Atlassian Jira Data Center
NA
CVE-2013-4465
Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum prior to 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the fi...
Simplemachines Simple Machines Forum 1.0.15
Simplemachines Simple Machines Forum 1.1.6
Simplemachines Simple Machines Forum 1.1.15
Simplemachines Simple Machines Forum 1.1.8
Simplemachines Simple Machines Forum 1.1.5
Simplemachines Simple Machines Forum 1.1.11
Simplemachines Simple Machines Forum 1.1.14
Simplemachines Simple Machines Forum 1.0.14
Simplemachines Simple Machines Forum 1.0.8
Simplemachines Simple Machines Forum 1.1.16
Simplemachines Simple Machines Forum 1.1.1
Simplemachines Simple Machines Forum 1.0.2
Simplemachines Simple Machines Forum 1.0.12
Simplemachines Simple Machines Forum 1.0.16
Simplemachines Simple Machines Forum 2.0.4
Simplemachines Simple Machines Forum 1.0
Simplemachines Simple Machines Forum 1.0.9
Simplemachines Simple Machines Forum 1.0.23
Simplemachines Simple Machines Forum 1.0.21
Simplemachines Simple Machines Forum 1.0.6
Simplemachines Simple Machines Forum 2.1
Simplemachines Simple Machines Forum 2.0.2
5.4
CVSSv3
CVE-2017-15284
Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened by the Admin, it causes JavaScript execution in the context of the Admin account.
Octobercms October 1.0.425
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »