Vulmon
file upload vulnerabilities and exploits
6.1
CVSSv3
CVE-2018-9844
The Iptanus WordPress File Upload plugin prior to 4.3.4 for WordPress mishandles Settings attributes, leading to XSS.
Iptanus Wordpress File Upload
1 EDB exploit
NA
CVE-2005-1957
mtnpeak.net File Upload Manager does not properly check user authentication for certain actions, which allows remote malicious users to provide a modified base64-encoded file parameter and (1) read arbitrary files via the "view" action or (2) delete arbitrary files via ...
Adam Mmedici File Upload Manager
6.1
CVSSv3
CVE-2021-37504
A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows malicious users to execute arbitrary web scripts or HTML via a crafted file with a JavaScript payload in the file name.
Hayageek Jquery Upload File 4.0.11
NA
CVE-2006-6813
SQL injection vulnerability in detail.asp in Mxmania File Upload Manager (FUM) 1.0.6 and previous versions allows remote malicious users to execute arbitrary SQL commands via the ID parameter.
Mxmania Mxmania File Upload Manager
1 EDB exploit
6.1
CVSSv3
CVE-2021-23439
This affects the package file-upload-with-preview prior to 4.2.0. A file containing malicious JavaScript code in the name can be uploaded (a user needs to be tricked into uploading such a file).
Johndatserakis File-upload-with-preview
4.8
CVSSv3
CVE-2023-2684
The File Renaming on Upload WordPress plugin prior to 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example i...
Wpfactory File Renaming On Upload
NA
CVE-2007-2563
Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ActiveX control (UFileUploaderD.dll) allows remote malicious users to execute arbitrary code via a long argument.
Versalsoft Http File Upload Activex Control
2 EDB exploits
NA
CVE-2006-5617
Directory traversal vulnerability in index.php in Thepeak File Upload Manager 1.3 allows remote malicious users to read or download arbitrary files via a base64-encoded file path containing a .. (dot dot) sequence in the file parameter.
Thepeak Thepeak File Upload Manager 1.3
NA
CVE-2008-6638
Insecure method vulnerability in the Versalsoft HTTP Image Uploader ActiveX control (UUploaderSvrD.dll 6.0.0.35) allows remote malicious users to delete arbitrary files via the RemoveFileOrDir method.
Versalsoft Http File Upload Activex Control 6.0.0.35
NA
CVE-2008-5283
Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote malicious users to delete uploaded files via unknown vectors related to the delall action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informati...
Ghh Google Hack Honeypot File Upload Manager 1.3
1 EDB exploit