Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arbitrary vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-6731
Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote malicious users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the renamed file in linkphoto/.
China-on-site Flexphplink 0.0.7
1 EDB exploit
NA
CVE-2008-6806
Unrestricted file upload vulnerability in includes/imageupload.php in 7Shop 1.1 and previous versions allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/artikel/.
7-shop 7shop
7-shop 7shop 1.0
7-shop 7shop 0.9 Beta
1 EDB exploit
NA
CVE-2008-6815
mykdownload.php in MyKtools 2.4 does not require administrative authentication, which allows remote malicious users to read a database backup by making a direct request, and then sending an unspecified request to the download page for the backup.
Myktools Myktools 2.4
1 EDB exploit
NA
CVE-2008-6918
Unrestricted file upload vulnerability in admin/galeria.php in ThePortal2 2.2 allows remote malicious users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in galeria/.
Theportal2.pl Theportal2 2.2
1 EDB exploit
NA
CVE-2007-5230
admin/upload_files.php in Zomplog 3.8.1 and previous versions does not check for administrative credentials, which allows remote malicious users to perform administrative actions via a direct request. NOTE: this can be leveraged for code execution by exploiting CVE-2007-5231.
Zomplog Zomplog 3.7.6
Zomplog Zomplog 3.8
Zomplog Zomplog 3.8.1
Zomplog Zomplog 3.7
1 EDB exploit
NA
CVE-2013-5984
Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber prior to 0.830 allows remote malicious users to delete arbitrary files via a .. (dot dot) in the file parameter.
Microweber Microweber
NA
CVE-2008-4913
Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and previous versions allows remote malicious users to delete arbitrary files via a .. (dot dot) in the delete parameter.
Lokicms Lokicms 0.1.0
Lokicms Lokicms
Lokicms Lokicms 0.3.2b1
Lokicms Lokicms 0.3.1b2
Lokicms Lokicms 0.2.0
Lokicms Lokicms 0.1.0rc1
Lokicms Lokicms 0.3.1b1
Lokicms Lokicms 0.3.0
1 EDB exploit
NA
CVE-2008-5220
Unrestricted file upload vulnerability in admin/upload_form.php in wPortfolio 0.3 and previous versions allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in admin/tmp/.
Wportfolio Wportfolio
Wportfolio Wportfolio 0.2
1 EDB exploit
NA
CVE-2007-5231
Unrestricted file upload vulnerability in admin/upload_files.php in Zomplog 3.8.1 and previous versions allows remote authenticated administrators to upload and execute arbitrary .php files by sending a modified MIME type. NOTE: this can be exploited by unauthenticated attackers ...
Zomplog Zomplog 3.8
Zomplog Zomplog 3.8.1
Zomplog Zomplog 3.7
Zomplog Zomplog 3.7.6
1 EDB exploit
7.4
CVSSv3
CVE-2023-33291
In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. (It cannot be exploited with e-mail addresses or phone numbers that are registered in the appl...
Ebankit Ebankit 6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »