avatar vulnerabilities and exploits
CVSSv3: 5.4
CVE-2021-43659
In Halo 1.4.14, the avatar upload function allows any file to be uploaded; uploading an HTML file, for example, causes a stored XSS vulnerability.
Halo Halo 1.4.14
NA
CVE-2006-5650
The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote malicious users to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar.
Aol Icq 5.1
2 EDB exploits
1 Github repository
CVSSv3: 7.2
CVE-2022-23906
CMS Made Simple v2.2.15 contains a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file.
Cmsmadesimple Cms Made Simple 2.2.15
NA
CVE-2013-3981
The Meeting Server in IBM Sametime 8.x up to and including 8.5.2.1 and 9.x up to and including 9.0.0.1 allows remote malicious users to download avatar photos of arbitrary users via unspecified vectors.
Ibm Sametime 9.0.0.0
Ibm Sametime 8.0.1.1
Ibm Sametime 8.5.1.0
Ibm Sametime 8.5.2.1
Ibm Sametime 8.5.1.1
Ibm Sametime 8.5.0.0
Ibm Sametime 9.0.0.1
Ibm Sametime 8.0.1.0
Ibm Sametime 8.5.2.0
Ibm Sametime 8.0.2.0
Ibm Sametime 8.0.2.1
Ibm Sametime 8.0.0.0
NA
CVE-2007-4831
Multiple cross-site scripting (XSS) vulnerabilities in account_settings.php in TorrentTrader 1.07 allow remote malicious users to inject arbitrary web script or HTML via the (1) avatar and (2) title parameters.
Torrenttrader Torrenttrader 1.07
NA
CVE-2002-2346
phpBB 2.0 up to and including 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote malicious users to obtain client IP addresses.
Phpbb Phpbb 2.0
Phpbb Phpbb 2.0.3
Phpbb Phpbb 2.0.2
Phpbb Phpbb 2.0.1
NA
CVE-2004-1969
The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and previous versions allows remote malicious users to execute arbitrary script by uploading files that include scripting code such as Javascript.
NA
CVE-2005-0629
Multiple cross-site scripting (XSS) vulnerabilities in profile.php in 427BB 2.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) user or (2) Avatar parameters.
427bb Fourtwosevenbb 2.0
427bb Fourtwosevenbb 2.0.1
427bb Fourtwosevenbb 2.1.3
427bb Fourtwosevenbb 2.2.1
427bb Fourtwosevenbb 2.2
427bb Fourtwosevenbb 2.1.1
427bb Fourtwosevenbb 2.1.2
427bb Fourtwosevenbb 2.1
1 EDB exploit
CVSSv3: 8.8
CVE-2022-46610
72crm v9 contains an arbitrary file upload vulnerability via the avatar upload function. This vulnerability allows malicious users to execute arbitrary code via a crafted PHP file.
72crm Wukong Crm 9.0
CVSSv3: 6.5
CVE-2019-13376
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS.
Phpbb Phpbb 3.2.7