Vulmon
file upload vulnerabilities and exploits
NA
CVE-2012-4957
Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote malicious users to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record.
Novell File Reporter 1.0.2
1 EDB exploit
NA
CVE-2012-4958
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote malicious users to read arbitrary files via a 126 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.
Novell File Reporter 1.0.2
1 EDB exploit
NA
CVE-2012-4956
Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote malicious users to execute arbitrary code via a large number of VOL elements in an SRS record.
Novell File Reporter 1.0.2
NA
CVE-2008-0373
Unrestricted file upload vulnerability in PHP F1 Max's File Uploader allows remote malicious users to upload and execute arbitrary PHP files.
Php F1 Maxs File Uploader
8.8
CVSSv3
CVE-2023-47792
Cross-Site Request Forgery (CSRF) vulnerability in Infinite Uploads Big File Uploads – Increase Maximum File Upload Size plugin <= 2.1.1 versions.
Infiniteuploads Big File Uploads
8.1
CVSSv3
CVE-2019-10869
Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin prior to 3.0.23 for WordPress (when the Uploads add-on is activated). This allows a malicious user to traverse the file system to access files and execute code via the includes/fields/upload.php (aka up...
Ninjaforms Ninja Forms File Uploads
1 Github repository
9.8
CVSSv3
CVE-2023-2068
The File Manager Advanced Shortcode WordPress plugin up to and including 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst cas...
Advancedfilemanager File Manager Advanced Shortcode
6.5
CVSSv3
CVE-2020-8503
Biscom Secure File Transfer (SFT) 5.0.1050 up to and including 5.1.1067 and 6.0.1000 up to and including 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004.
Biscom Secure File Transfer
NA
CVE-2002-0978
Microsoft File Transfer Manager (FTM) ActiveX control prior to 4.0 allows remote malicious users to upload or download arbitrary files to arbitrary locations via a man-in-the-middle attack with modified TGT and TGN parameters in a call to the "Persist" function.
Microsoft File Transfer Manager
NA
CVE-2013-2982
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to upload arbitrary files via unspecified vectors.
Ibm Sterling B2b Integrator 5.2
Ibm Sterling B2b Integrator 5.1
Ibm Sterling File Gateway 2.1
Ibm Sterling File Gateway 2.2