Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arbitrary vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-14840
TeamWork TicketPlus allows Arbitrary File Upload in updateProfile.
Teamworktec Ticketplus -
1 EDB exploit
NA
CVE-2009-4819
Multiple unrestricted file upload vulnerabilities in upload.php in PHPhotoalbum allow remote malicious users to execute arbitrary code by uploading a file with a (1) .php.pgif or (2) .php.pjpeg double extension, then accessing it via a direct request to the file in albums/userpic...
Stoverud Phphotoalbum 0.5
Stoverud Phphotoalbum 0.4
Stoverud Phphotoalbum 0.3
1 EDB exploit
NA
CVE-2005-4423
Unrestricted file upload vulnerability in PHPFM prior to 0.2.3 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to an accessible directory, as demonstrated using a file with a .php extension, aka "upload phpshell.&q...
1 EDB exploit
NA
CVE-2005-0691
PHP remote file inclusion vulnerability in article mode for modules.php in SocialMPN allows remote malicious users to execute arbitrary PHP code by modifying the name parameter to reference a URL on a remote web server that contains the code.
Socialmpn Socialmpn 1.2.3
Socialmpn Socialmpn 1.2.4
Socialmpn Socialmpn 1.2.5
Socialmpn Socialmpn 1.2.1
Socialmpn Socialmpn 1.2.2
1 EDB exploit
NA
CVE-2010-5099
The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x prior to 4.2.16, 4.3.x prior to 4.3.9, and 4.4.x prior to 4.4.5 does not properly filter file types, which allows remote malicious users to bypass intended access restrictions and access arb...
Typo3 Typo3 4.2.0
Typo3 Typo3 4.2.7
Typo3 Typo3 4.2.8
Typo3 Typo3 4.2.15
Typo3 Typo3 4.2.3
Typo3 Typo3 4.2.4
Typo3 Typo3 4.2.11
Typo3 Typo3 4.2.12
Typo3 Typo3 4.2.5
Typo3 Typo3 4.2.6
Typo3 Typo3 4.2.13
Typo3 Typo3 4.2.14
Typo3 Typo3 4.2.1
Typo3 Typo3 4.2.2
Typo3 Typo3 4.2.9
Typo3 Typo3 4.2.10
Typo3 Typo3 4.3.7
Typo3 Typo3 4.3.8
Typo3 Typo3 4.3.2
Typo3 Typo3 4.3.3
Typo3 Typo3 4.3.4
Typo3 Typo3 4.3.5
1 EDB exploit
7.5
CVSSv3
CVE-2015-4181
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 up to and including 2.5 allows remote malicious users to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely fro...
Phpmybackuppro Phpmybackuppro 2.2
Phpmybackuppro Phpmybackuppro 2.3
Phpmybackuppro Phpmybackuppro 2.4
Phpmybackuppro Phpmybackuppro 2.1
Phpmybackuppro Phpmybackuppro 2.5
1 EDB exploit
NA
CVE-2008-6942
Unrestricted file upload vulnerability in ScriptsFeed Realtor Classifieds System (aka Real Estate Classifieds) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to...
Scriptsfeed Realtor Classifieds System -
3 EDB exploits
NA
CVE-2008-6943
Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing Portal allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a recipe photo, then accessing it via a direct request to the file in pictures/.
Scriptsfeed Recipes Listing Portal
3 EDB exploits
NA
CVE-2008-6944
Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in cars_images/.
Scriptsfeed Auto Classifieds -
3 EDB exploits
NA
CVE-2012-0209
Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote malicious u...
Horde Groupware 1.2.10
Horde Horde 3.3.12
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »