Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
larry w. cashdollar vulnerabilities and exploits
(subscribe to this query)
505
VMScore
CVE-2015-5468
Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin prior to 2.6 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php.
Wpshopstyling Wp E-commerce Shop Styling
1 EDB exploit
625
VMScore
CVE-2001-0059
patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack.
Sun Sunos 5.7
1 EDB exploit
625
VMScore
CVE-2003-0265
Race condition in SDBINST for SAP database 7.3.0.29 creates critical files with world-writable permissions before initializing the setuid bits, which allows local malicious users to gain root privileges by modifying the files before the permissions are changed.
Sap Sap Db 7.4.3.7 Beta
Sap Sap Db 7.3.29
1 EDB exploit
755
VMScore
CVE-2015-4455
Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct...
Aviary Image Editor Add-on For Gravity Forms Project Aviary Image Editor Add-on For Gravity Forms
1 EDB exploit
725
VMScore
CVE-2003-0497
Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs.
Intersystems Cache Database 5
1 EDB exploit
125
VMScore
CVE-2002-0296
The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file.
Tarantella Tarantella Enterprise 3.10
Tarantella Tarantella Enterprise 3.11
Tarantella Tarantella Enterprise 3.0
Tarantella Tarantella Enterprise 3.01
Tarantella Tarantella Enterprise 3.20
1 EDB exploit
828
VMScore
CVE-2013-1933
The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent malicious users to execute arbitrary commands via shell metacharacters in a PDF filename.
Documentcloud Karteek-docsplit 0.5.4
725
VMScore
CVE-2001-0764
Buffer overflow in ntping in scotty 2.1.0 allows local users to execute arbitrary code via a long hostname as a command line argument.
Juergen Schoenwaelder Scotty 2.1.8
Juergen Schoenwaelder Scotty 2.1.9
Juergen Schoenwaelder Scotty 2.1.10
Juergen Schoenwaelder Scotty 2.1.7
1 EDB exploit
578
VMScore
CVE-2016-1000119
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
Huge-it Catalog 1.0.4
312
VMScore
CVE-2016-1000121
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension
Huge-it Slider 1.0.9
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »