Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file upload manager file upload manager vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-4427
changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and previous versions does not require administrative authentication, which allows remote malicious users to change arbitrary passwords.
Phlatline Personal Information Manager
3 EDB exploits
NA
CVE-2008-4428
Unrestricted file upload vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 and previous versions allows remote malicious users to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in the top-l...
Phlatline Personal Information Manager
3 EDB exploits
NA
CVE-2008-4528
Directory traversal vulnerability in notes.php in Phlatline's Personal Information Manager (pPIM) 1.01 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the id parameter in an edit action.
Phlatline Personal Information Manager 1.01
4 EDB exploits
NA
CVE-2008-4426
Cross-site scripting (XSS) vulnerability in events.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote malicious users to inject arbitrary web script or HTML via the date parameter in a new action.
Phlatline Personal Information Manager 1.0
3 EDB exploits
NA
CVE-2008-4425
Directory traversal vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote malicious users to delete arbitrary files via directory traversal sequences in the file parameter within a delfile action.
Phlatline Personal Information Manager 1.0
3 EDB exploits
NA
CVE-2010-3600
Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previ...
Oracle Database Server 11.1.0.7
Oracle Database Server 11.2.0.1
Oracle Enterprise Manager Grid Control 10.2.0.5
1 EDB exploit
8.8
CVSSv3
CVE-2021-24347
The SP Project & Document Manager WordPress plugin prior to 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It exists that php files...
Smartypantsplugins Sp Project \\& Document Manager
NA
CVE-2013-6955
webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 prior to 4.0-2259, 4.2 prior to 4.2-3243, and 4.3 prior to 4.3-3810 Update 1 allows remote malicious users to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPL...
Synology Diskstation Manager 4.3
Synology Diskstation Manager 4.2
Synology Diskstation Manager 4.0
Synology Diskstation Manager 4.3-3810
1 EDB exploit
NA
CVE-2012-5201
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) prior to 5.2 E0401 allows remote malicious users to execute arbitrary code via unknown vectors, aka ZDI-CAN-1611.
Hp Intelligent Management Center 5.0
Hp Intelligent Management Center
Hp Intelligent Management Center 5.1
Hp Intelligent Management Center For Automated Network Manager
1 EDB exploit
9.8
CVSSv3
CVE-2021-42099
Zoho ManageEngine M365 Manager Plus prior to 4421 is vulnerable to file-upload remote code execution.
Zohocorp Manageengine M365 Manager Plus -
Zohocorp Manageengine M365 Manager Plus Build 4000
Zohocorp Manageengine M365 Manager Plus Build 4001
Zohocorp Manageengine M365 Manager Plus Build 4002
Zohocorp Manageengine M365 Manager Plus Build 4003
Zohocorp Manageengine M365 Manager Plus Build 4004
Zohocorp Manageengine M365 Manager Plus Build 4005
Zohocorp Manageengine M365 Manager Plus Build 4007
Zohocorp Manageengine M365 Manager Plus Build 4008
Zohocorp Manageengine M365 Manager Plus Build 4009
Zohocorp Manageengine M365 Manager Plus Build 4010
Zohocorp Manageengine M365 Manager Plus Build 4011
Zohocorp Manageengine M365 Manager Plus Build 4012
Zohocorp Manageengine M365 Manager Plus Build 4013
Zohocorp Manageengine M365 Manager Plus Build 4014
Zohocorp Manageengine M365 Manager Plus Build 4100
Zohocorp Manageengine M365 Manager Plus Build 4101
Zohocorp Manageengine M365 Manager Plus Build 4102
Zohocorp Manageengine M365 Manager Plus Build 4103
Zohocorp Manageengine M365 Manager Plus Build 4104
Zohocorp Manageengine M365 Manager Plus Build 4105
Zohocorp Manageengine M365 Manager Plus Build 4106
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »