Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file upload manager file upload manager vulnerabilities and exploits
(subscribe to this query)
3.6
CVSSv2
CVE-2017-14771
Skybox Manager Client Application before 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the application. During a debugger-pause state, a local authenticated attacker can upload ...
Skyboxsecurity Skybox Manager Client Application
3.5
CVSSv2
CVE-2019-15108
An issue exists in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component.
Wso2 Api Manager
6.5
CVSSv2
CVE-2018-16169
Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated malicious users to upload and execute Java code file on the server via unspecified vectors.
Cybozu Remote Service Manager
6.8
CVSSv2
CVE-2008-7139
Multiple cross-site request forgery (CSRF) vulnerabilities in WS-Proxy in Eye-Fi 1.1.2 allow remote malicious users to hijack the authentication of users for requests that modify configuration via a SOAPAction parameter of (1) urn:SetOptions for autostart, (2) urn:SetDesktopSync ...
Eye.fi Eye-fi Manager 1.1.2
6.4
CVSSv2
CVE-2018-20525
Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php.
Roxyfileman Roxy Fileman 1.4.5
1 EDB exploit
NA
CVE-2023-27168
An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows malicious users to execute arbitrary code via a crafted jsp file.
Xpand-it Write-back Manager 2.3.1
6.8
CVSSv2
CVE-2021-34619
The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file validation in the /woocommerce-stock-manager/trunk/admin/views/import-export.php file.
Storeapps Stock Manager For Woocommerce
6.5
CVSSv2
CVE-2016-8515
A remote malicious file upload vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions before 7.6.
Hp Version Control Repository Manager
5.5
CVSSv2
CVE-2019-6513
An issue exists in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one.
Wso2 Api Manager 2.6.0
4
CVSSv2
CVE-2021-20796
Directory traversal vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated malicious user to upload an arbitrary file via unspecified vectors.
Cybozu Remote Service Manager 3.1.8
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »