file upload vulnerabilities and exploits
409
VMScore
CVE-2020-7817
MyBrowserPlus downloads the files needed to run the program through the setup file (Setup.inf). At this time, there is a vulnerability in downloading arbitrary files due to insufficient integrity verification of the files.
Raonwiz K Upload
356
VMScore
CVE-2020-2208
Jenkins Slack Upload Plugin 1.7 and previous versions stores a secret unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
Jenkins Slack Upload
NA
CVE-2016-15017
A vulnerability has been found in fabarea media_upload on TYPO3 and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrading to version 0.9.0 is a...
Ecodev Media Upload
668
VMScore
CVE-2021-24171
The WooCommerce Upload Files WordPress plugin prior to 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked"...
Woocommerce Upload Files
668
VMScore
CVE-2020-7814
RAONWIZ v2018.0.2.50 and earlier versions contain a vulnerability that could allow remote files to be downloaded and executed due to a lack of validation of the file extension, which can be used for remote-code-execution attacks by hackers. File download & execution vulnerability in ____COMP...
Raonwiz Raon K Upload
356
VMScore
CVE-2019-1003089
Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Jenkins Upload To Pgyer
828
VMScore
CVE-2020-7863
A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validation of the parameter of the specific method. An attacker could exploit this vulnera...
Raonwiz Raon K Upload
668
VMScore
CVE-2006-1208
Sergey Korostel PHP Upload Center allows remote malicious users to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload directory.
Sergey Korostel Php Upload Center
445
VMScore
CVE-2006-1207
PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote malicious users to download each password hash via a direct request for the upload/users/[USERNAME] file.
Sergey Korostel Php Upload Center
445
VMScore
CVE-2005-2607
PHP file include vulnerability in download.php in PHPSimplicity Simplicity oF Upload prior to 1.3.1 allows remote malicious users to include arbitrary local and remote files via the language parameter and a terminating null ("%00") character.
Phpsimplicity Simplicity Of Upload 1.3