Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file project file vulnerabilities and exploits
(subscribe to this query)
8.6
CVSSv3
CVE-2020-24144
Directory traversal in the Media File Organizer (aka media-file-organizer) plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder via the items[] parameter in a move operation.
Media File Organizer Project Media File Organizer 1.0.1
6.1
CVSSv3
CVE-2018-19041
The Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI.
Media File Manager Project Media File Manager 1.4.2
1 EDB exploit
5.3
CVSSv3
CVE-2018-19043
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming (specifying a "from" and "to" filename) via a ../ directory traversal in the dir parameter of an mrelocator_rename action to the wp-admin/admin-ajax.php URI.
Media File Manager Project Media File Manager 1.4.2
1 EDB exploit
8.1
CVSSv3
CVE-2021-40668
The Android application HTTP File Server (Version 1.4.1) by 'slowscript' is affected by a path traversal vulnerability that permits arbitrary directory listing, file read, and file write.
Http File Server Project Http File Server 1.4.1
5.5
CVSSv3
CVE-2022-48554
File prior to 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.
File Project File 5.41
Debian Debian Linux 11.0
7.8
CVSSv3
CVE-2022-24826
On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting the malicious user to execute arbitrary code. This does not affect Unix systems....
Git Large File Storage Project Git Large File Storage
6.5
CVSSv3
CVE-2022-1788
Due to missing checks the Change Uploaded File Permissions WordPress plugin up to and including 4.0.0 is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made rea...
Change Uploaded File Permissions Project Change Uploaded File Permissions
7.8
CVSSv3
CVE-2021-21237
Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the malicious user to execute arbitrary code. This ...
Git Large File Storage Project Git Large File Storage
8
CVSSv3
CVE-2021-24936
The WP Extra File Types WordPress plugin prior to 0.5.1 does not have CSRF check when saving its settings, nor sanitise and escape some of them, which could allow malicious users to make a logged in admin change them and perform Cross-Site Scripting attacks
Wp Extra File Types Project Wp Extra File Types
8.8
CVSSv3
CVE-2017-17831
GitHub Git LFS prior to 2.1.1 allows remote malicious users to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository.
Git Large File Storage Project Git Large File Storage
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »