Vulmon
file vulnerabilities and exploits
10
CVSSv2
CVE-2020-16152
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine up to and including 10.0r8a allows malicious users to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to ...
Extremenetworks Aerohive Netconfig
Extremenetworks Aerohive Netconfig 10.0r8a
1 Metasploit module
2 Github repositories
10
CVSSv2
CVE-2021-42669
A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar is uploaded, it is placed in the /admin/uploads/ directory, and is accessible by a...
Engineers Online Portal Project Engineers Online Portal -
2 Github repositories
10
CVSSv2
CVE-2021-29212
A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code leading complete impact to co...
Hp Ilo Amplifier Pack 1.80
Hp Ilo Amplifier Pack 1.81
Hp Ilo Amplifier Pack 1.90
Hp Ilo Amplifier Pack 1.95
10
CVSSv2
CVE-2020-28960
Chichen Tech CMS v1.0 contains multiple SQL injection vulnerabilities in the file product_list.php via the id and cid parameters.
Cct95 Chichen Tech Cms 1.0
10
CVSSv2
CVE-2021-40720
Ops CLI version 2.0.4 (and previous versions) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary code execution when the checkout_repo function is called on a maliciously crafted file. An attacker can leverage this to execute arbitrary code on t...
Adobe Ops-cli
10
CVSSv2
CVE-2021-20125
An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could leverage this vulnerability to upload files to any location on the target operating sy...
Draytek Vigorconnect 1.6.0
10
CVSSv2
CVE-2021-40887
Projectsend version r1295 is affected by a directory traversal vulnerability. Because input to the files[] parameter is not sanitized, an attacker can add ../ to move all PHP files or any file on the system that has permissions to the /upload/files/ folder.
Projectsend Projectsend R1295
10
CVSSv2
CVE-2021-33583
REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file.
Reiner-sct Timecard 6.05.07
10
CVSSv2
CVE-2021-41290
ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely set arbitrary values for location and content type and gain the possibility to execute arbitrary code on the affected devic...
Ecoa Ecs Router Controller-ecs Firmware -
Ecoa Riskbuster Firmware -
Ecoa Riskterminator -
10
CVSSv2
CVE-2021-40146
A Remote Code Execution (RCE) vulnerability exists in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE vulnerabilities allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN, or internet. RCE belongs to t...
Apache Any23
1 Github repository