Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pydio pydio vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2019-12903
Pydio Cells prior to 1.5.0, when supplied with a Name field in an unexpected Unicode format, fails to handle this and includes the database column/table name as pert of the error message, exposing sensitive information.
Pydio Cells
356
VMScore
CVE-2018-1999017
Pydio version 8.2.0 and previous versions contains a Server-Side Request Forgery (SSRF) vulnerability in plugins/action.updater/UpgradeManager.php Line: 154, getUpgradePath($url) that can result in an authenticated admin users requesting arbitrary URL's, pivoting requests th...
Pydio Pydio
355
VMScore
CVE-2014-1665
Cross-site scripting (XSS) vulnerability in ownCloud prior to 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.
Owncloud Owncloud
1 EDB exploit
312
VMScore
CVE-2020-12849
Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. These profile pictures can later be accessed directly with the generated URL by any unauthenticated or authenticated user.
Pydio Cells 2.0.4
312
VMScore
CVE-2019-10047
A stored XSS vulnerability exists in the web application of Pydio up to and including 8.2.2 that can be exploited by levering the file upload and file preview features of the application. An authenticated attacker can upload an HTML file containing JavaScript code and afterwards ...
Pydio Pydio
NA
CVE-2023-32750
Pydio Cells up to and including 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and sa...
Pydio Cells
NA
CVE-2023-32751
Pydio Cells up to and including 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript [1]. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the w...
Pydio Cells
NA
CVE-2023-32749
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user,...
Pydio Cells
1 Github repository
NA
CVE-2023-2980
A vulnerability classified as critical was found in Abstrium Pydio Cells 4.2.0. This vulnerability affects unknown code of the component User Creation Handler. The manipulation leads to improper control of resource identifiers. The attack can be initiated remotely. The exploit ha...
Abstrium Pydio Cells 4.2.0
NA
CVE-2023-2981
A vulnerability, which was classified as problematic, has been found in Abstrium Pydio Cells 4.2.0. This issue affects some unknown processing of the component Chat. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been d...
Abstrium Pydio Cells 4.2.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »