Vulmon
file vulnerabilities and exploits
10
CVSSv2
CVE-2021-3029
EVOLUCARE ECSIMAGING (aka ECS Imaging) up to and including 6.21.5 has an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. The parameter "file" on the webpage /showfile.php can be exploited to gain root access. NOTE: This vulnerability...
Evolucare Ecs Imaging
10
CVSSv2
CVE-2020-28464
This affects the package djv prior to 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine.
Djv Project Djv
10
CVSSv2
CVE-2020-28187
Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated malicious users to read, edit or delete any file within the filesystem via the (1) filename parameter to /tos/index.php?editor/fileGet, Event parameter to /include/ajax/logtabl...
Terra-master Tos
10
CVSSv2
CVE-2020-29552
An issue exists in URVE Build 24.03.2020. By using the _internal/pc/vpro.php?mac=0&ip=0&operation=0&usr=0&pass=0%3bpowershell+-c+" substring, it is possible to execute a PowerShell command and redirect its output to a file under the web root.
Urve Urve 24.03.2020
10
CVSSv2
CVE-2020-35489
The contact-form-7 (aka Contact Form 7) plugin prior to 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
Rocklobster Contact Form 7
4 Github repositories
10
CVSSv2
CVE-2020-5639
Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote malicious users to upload an arbitrary file in a specific directory via unspecified vectors. As a result, an arbitrary OS command may be executed.
Soliton Filezen
10
CVSSv2
CVE-2020-29311
Ubilling v1.0.9 allows remote command execution as the root user: a malicious command injected into the config file is executed when triggered by another part of the software.
Ubilling Ubilling 1.0.9
10
CVSSv2
CVE-2020-25537
A file upload vulnerability exists in UCMS 1.5.0; an attacker can take advantage of it to obtain server management permission.
Ucms Project Ucms 1.5.0
10
CVSSv2
CVE-2020-28130
An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root).
Online Library Management System Project Online Library Management System 1.0
10
CVSSv2
CVE-2020-17051
Windows Network File System Remote Code Execution Vulnerability
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016 -
Microsoft Windows Server 2008 -
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2019 -
Microsoft Windows Server 2016 1903
Microsoft Windows Server 2016 1909
Microsoft Windows Server 2016 2004
Microsoft Windows Server 2016 20h2
1 Github repository