file file 4.4 vulnerabilities and exploits
8.8
CVSSv3
CVE-2020-11108
The Gravity updater in Pi-hole up to and including 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data...
Pi-hole Pi-hole
2 Github repositories
8.8
CVSSv3
CVE-2017-5943
Request Tracker (RT) 4.x prior to 4.0.25, 4.2.x prior to 4.2.14, and 4.4.x prior to 4.4.2 allows remote malicious users to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL.
Bestpractical Request Tracker 4.0.9
Bestpractical Request Tracker 4.0.10
Bestpractical Request Tracker 4.0.11
Bestpractical Request Tracker 4.0.12
Bestpractical Request Tracker 4.2.0
Bestpractical Request Tracker 4.2.1
Bestpractical Request Tracker 4.2.2
Bestpractical Request Tracker 4.2.3
Bestpractical Request Tracker 4.2.4
Bestpractical Request Tracker 4.0.6
Bestpractical Request Tracker 4.0.8
Bestpractical Request Tracker 4.0.13
Bestpractical Request Tracker 4.0.15
Bestpractical Request Tracker 4.0.22
Bestpractical Request Tracker 4.0.24
Bestpractical Request Tracker 4.2.6
Bestpractical Request Tracker 4.2.8
Bestpractical Request Tracker 4.2.13
Bestpractical Request Tracker 4.4.0
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.2
8.8
CVSSv3
CVE-2017-5944
The dashboard subscription interface in Request Tracker (RT) 4.x prior to 4.0.25, 4.2.x prior to 4.2.14, and 4.4.x prior to 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name.
Bestpractical Request Tracker 4.0.3
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.0.12
Bestpractical Request Tracker 4.0.14
Bestpractical Request Tracker 4.0.19
Bestpractical Request Tracker 4.0.21
Bestpractical Request Tracker 4.2.3
Bestpractical Request Tracker 4.2.5
Bestpractical Request Tracker 4.2.12
Bestpractical Request Tracker 4.4.1
Bestpractical Request Tracker 4.0.7
Bestpractical Request Tracker 4.0.8
Bestpractical Request Tracker 4.0.9
Bestpractical Request Tracker 4.0.10
Bestpractical Request Tracker 4.0.23
Bestpractical Request Tracker 4.0.24
Bestpractical Request Tracker 4.2.0
Bestpractical Request Tracker 4.2.1
Bestpractical Request Tracker 4.2.2
Bestpractical Request Tracker 4.4.0
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.1
8.4
CVSSv3
CVE-2016-2463
Multiple integer overflows in the h264dec component in libstagefright in mediaserver in Android 4.x prior to 4.4.4, 5.0.x prior to 5.0.2, 5.1.x prior to 5.1.1, and 6.x prior to 2016-06-01 allow remote malicious users to execute arbitrary code or cause a denial of service (memory ...
Google Android 5.1.0
Google Android 5.0.1
Google Android 4.4
Google Android 4.3
Google Android 4.2.1
Google Android 4.0.3
Google Android 4.0.1
Google Android 5.0
Google Android 4.4.3
Google Android 4.4.2
Google Android 4.4.1
Google Android 6.0.1
Google Android 4.2
Google Android 4.1.2
Google Android 4.1
Google Android 4.0.4
Google Android 6.0
Google Android 5.1
Google Android 4.3.1
Google Android 4.2.2
Google Android 4.0.2
Google Android 4.0
8.4
CVSSv3
CVE-2016-0848
Race condition in Download Manager in Android 4.x prior to 4.4.4, 5.0.x prior to 5.0.2, 5.1.x prior to 5.1.1, and 6.x prior to 2016-04-01 allows malicious users to bypass private-storage file-access restrictions via a crafted application that changes a symlink target, as demonstr...
Google Android 4.4.3
Google Android 4.4.2
Google Android 4.4.1
Google Android 4.4
Google Android 4.3.1
Google Android 5.1
Google Android 5.0
Google Android 4.2.2
Google Android 4.2
Google Android 4.0.2
Google Android 4.0
Google Android 6.0.1
Google Android 6.0
Google Android 4.1.2
Google Android 4.1
Google Android 4.0.4
Google Android 4.0.3
Google Android 5.1.0
Google Android 5.0.1
Google Android 4.3
Google Android 4.2.1
Google Android 4.0.1
8.2
CVSSv3
CVE-2021-44224
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server ...
Apache Http Server
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Tenable Tenable.sc
Oracle Http Server 12.2.1.3.0
Oracle Communications Operations Monitor 4.0
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Http Server -
Oracle Http Server 12.2.1.4.0
Oracle Communications Operations Monitor 4.3
Oracle Communications Operations Monitor 4.4
Oracle Communications Operations Monitor 5.0
Oracle Communications Element Manager
Oracle Communications Session Report Manager
Oracle Communications Session Route Manager
Apple Macos
Apple Mac Os X 10.15.7
8.1
CVSSv3
CVE-2023-23926
APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. An XML External Entity (XXE) vulnerability was found in the apoc.import.graphml procedure of the APOC core plugin prior to versions 5.5.0 and 4.4.0.14 (4.4 branch) in the Neo4j graph database. XML External Entity (XXE) inject...
Neo4j Awesome Procedures On Cyper
8.1
CVSSv3
CVE-2021-41072
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs ...
Squashfs-tools Project Squashfs-tools 4.5
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
8.1
CVSSv3
CVE-2021-40153
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing...
Squashfs-tools Project Squashfs-tools 4.5
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 33
8.1
CVSSv3
CVE-2016-6606
An issue exists in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initial...
Phpmyadmin Phpmyadmin 4.4.15.2
Phpmyadmin Phpmyadmin 4.4.15.1
Phpmyadmin Phpmyadmin 4.4.11
Phpmyadmin Phpmyadmin 4.4.10
Phpmyadmin Phpmyadmin 4.4.3
Phpmyadmin Phpmyadmin 4.4.2
Phpmyadmin Phpmyadmin 4.4.15.4
Phpmyadmin Phpmyadmin 4.4.15.3
Phpmyadmin Phpmyadmin 4.4.13
Phpmyadmin Phpmyadmin 4.4.12
Phpmyadmin Phpmyadmin 4.4.6
Phpmyadmin Phpmyadmin 4.4.5
Phpmyadmin Phpmyadmin 4.4.4
Phpmyadmin Phpmyadmin 4.4.15.7
Phpmyadmin Phpmyadmin 4.4.15
Phpmyadmin Phpmyadmin 4.4.14.1
Phpmyadmin Phpmyadmin 4.4.9
Phpmyadmin Phpmyadmin 4.4.8
Phpmyadmin Phpmyadmin 4.4.1.1
Phpmyadmin Phpmyadmin 4.4.1
Phpmyadmin Phpmyadmin 4.4.15.6
Phpmyadmin Phpmyadmin 4.4.15.5