pydio pydio vulnerabilities and exploits
VMScore: 436
CVE-2019-10049
It is possible for an attacker with regular user access to the web application of Pydio up to and including 8.2.2 to trick an administrator user into opening a link shared through the application, that in turn opens a shared file that contains JavaScript code (that is executed in...
Pydio Pydio
VMScore: 383
CVE-2020-12853
Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or create a new file that contains potentially malicious HTML and JavaScript code to personal folders or accessible cells.
Pydio Cells 2.0.4
VMScore: 383
CVE-2018-1999016
Pydio version 8.2.0 and previous versions contains a Cross Site Scripting (XSS) vulnerability in ./core/vendor/meenie/javascript-packer/example-inline.php line 48; ./core/vendor/dapphp/securimage/examples/test.mysql.static.php lines: 114,118 that can result in an unauthenticated ...
Pydio Pydio
VMScore: 383
CVE-2015-3432
Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly AjaXplorer) prior to 6.0.7 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors, aka "Pydio XSS Vulnerabilities."
Pydio Pydio
VMScore: 383
CVE-2017-5960
An issue exists in Phalcon Eye up to and including 0.4.1. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "phalconeye-master/public/external/pydio/plugins/editor.webodf/frame.php" URL. An attack...
Phalconeye Project Phalconeye
VMScore: 356
CVE-2021-41324
Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files (or Cells files belonging to any user) via the nodes parameter (for Copy and Move) or via the Path parameter (for Delete).
Pydio Cells 2.2.9
VMScore: 356
CVE-2021-41323
Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells files belonging to any user, via the format parameter.
Pydio Cells 2.2.9
VMScore: 356
CVE-2021-41325
Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. (In addition, such users can be granted several admin permissions via the Roles parameter.)
Pydio Cells 2.2.9
VMScore: 356
CVE-2019-15033
Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as demonstrated by the file=http%3A%2F%2F192.168.1.2 substring.
Pydio Pydio 6.0.8
VMScore: 356
CVE-2019-12902
Pydio Cells prior to 1.5.0 does incomplete cleanup of a user's data upon deletion. This allows a new user, holding the same User ID as a deleted user, to restore the deleted user's data.
Pydio Cells