avatar vulnerabilities and exploits
5.4
CVSSv3
CVE-2021-43659
In Halo 1.4.14, the avatar upload function accepts any file; uploading an HTML file, for example, causes a stored XSS vulnerability.
Halo Halo 1.4.14
7.2
CVSSv3
CVE-2022-23906
CMS Made Simple v2.2.15 contains a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file.
Cmsmadesimple Cms Made Simple 2.2.15
NA
CVE-2006-5650
The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote malicious users to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar.
Aol Icq 5.1
2 EDB exploits
1 Github repository
NA
CVE-2004-1969
The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and previous versions allows remote malicious users to execute arbitrary script by uploading files that include scripting code such as Javascript.
NA
CVE-2005-0629
Multiple cross-site scripting (XSS) vulnerabilities in profile.php in 427BB 2.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) user or (2) Avatar parameters.
427bb Fourtwosevenbb 2.2
427bb Fourtwosevenbb 2.2.1
427bb Fourtwosevenbb 2.0
427bb Fourtwosevenbb 2.0.1
427bb Fourtwosevenbb 2.1
427bb Fourtwosevenbb 2.1.1
427bb Fourtwosevenbb 2.1.2
427bb Fourtwosevenbb 2.1.3
1 EDB exploit
6.1
CVSSv3
CVE-2017-8778
GitLab prior to 8.14.9, 8.15.x prior to 8.15.6, and 8.16.x prior to 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.
Gitlab Gitlab 8.16.0
Gitlab Gitlab 8.15.0
Gitlab Gitlab 8.15.1
Gitlab Gitlab 8.15.2
Gitlab Gitlab 8.15.3
Gitlab Gitlab 8.16.2
Gitlab Gitlab 8.16.4
Gitlab Gitlab 8.15.4
Gitlab Gitlab
Gitlab Gitlab 8.16.1
Gitlab Gitlab 8.16.3
Gitlab Gitlab 8.15.5
9.8
CVSSv3
CVE-2021-44093
A Remote Command Execution vulnerability in the background of zrlog 2.2.2, at the upload avatar function, could bypass the original limit and upload a JSP file to get a WebShell.
Zrlog Zrlog 2.2.2
8.8
CVSSv3
CVE-2022-46610
72crm v9 contains an arbitrary file upload vulnerability via the avatar upload function. This vulnerability allows malicious users to execute arbitrary code via a crafted PHP file.
72crm Wukong Crm 9.0
NA
CVE-2007-4831
Multiple cross-site scripting (XSS) vulnerabilities in account_settings.php in TorrentTrader 1.07 allow remote malicious users to inject arbitrary web script or HTML via the (1) avatar and (2) title parameters.
Torrenttrader Torrenttrader 1.07
NA
CVE-2007-1726
Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to upload arbitrary files via the avatar function, which can later be accessed in uploads/.
Icebb Icebb 1.0 Rc 5
1 EDB exploit