Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file file 4.2 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-0259
SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an malicious user to upload any file (including script files) without proper file format validation.
Sap Businessobjects 4.3
Sap Businessobjects 4.2
7.5
CVSSv2
CVE-2015-5074
Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM prior to 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension.
X2engine X2crm
1 EDB exploit
7.5
CVSSv2
CVE-2002-0134
Telnet proxy in Avirt Gateway Suite 4.2 does not require authentication for connecting to the proxy system itself, which allows remote malicious users to list file contents of the proxy and execute arbitrary commands via a "dos" command.
Avirt Avirt Gateway Suite 4.2
6.8
CVSSv2
CVE-2007-0123
Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote malicious users to upload and execute arbitrary PHP scripts by naming them with a .phtml extension, which bypasses the .php extension check but is still executable on some server configurations.
Uber Uploader Uber Uploader 4.2
10
CVSSv2
CVE-2013-6955
webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 prior to 4.0-2259, 4.2 prior to 4.2-3243, and 4.3 prior to 4.3-3810 Update 1 allows remote malicious users to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPL...
Synology Diskstation Manager 4.3
Synology Diskstation Manager 4.2
Synology Diskstation Manager 4.0
Synology Diskstation Manager 4.3-3810
1 EDB exploit
5
CVSSv2
CVE-2006-6229
Codewalkers ltwCalendar (aka PHP Event Calendar) prior to 4.2.1 logs failed passwords, which might allow malicious users to infer correct passwords from the log file.
Codewalkers Ltwcalendar 4.1.3
Codewalkers Ltwcalendar 4.2
4.6
CVSSv2
CVE-2002-1513
The UCX POP server in HP TCP/IP services for OpenVMS 4.2 up to and including 5.3 allows local users to truncate arbitrary files via the -logfile command line option, which overrides file system permissions because the server runs with the SYSPRV and BYPASS privileges.
Compaq Tcp-ip Services 4.2
Compaq Tcp-ip Services 5.0a
Compaq Tcp-ip Services 5.1
Compaq Tcp-ip Services 5.3
1 EDB exploit
4.6
CVSSv2
CVE-2020-6245
SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Control of Resource Identifiers.
Sap Businessobjects Business Intelligence Platform 4.2
NA
CVE-2022-30622
Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sys_username_passwd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit ...
Chcnav P5e Gnss Firmware 4.2
Chcnav P5e Gnss Firmware
10
CVSSv2
CVE-1999-1405
snap command in AIX prior to 4.3.2 creates the /tmp/ibmsupt directory with world-readable permissions and does not remove or clear the directory when snap -a is executed, which could allow local users to access the shadowed password file by creating /tmp/ibmsupt/general/passwd be...
Ibm Aix 4.2
Ibm Aix 4.2.1
Ibm Aix 4.1.4
Ibm Aix 4.1.5
Ibm Aix 3.2.5
Ibm Aix 4.1
Ibm Aix 4.1.2
Ibm Aix 4.1.3
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »