Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file upload manager file upload manager vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-38404
The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) prior to 8.0.0.410 allows an authenticated malicious user to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote...
Veritas Infoscale Operations Manager
10
CVSSv2
CVE-2009-4189
HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote malicious users to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servle...
Hp Operations Manager
1 EDB exploit
4.3
CVSSv2
CVE-2018-5306
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x prior to 3.8 allow remote malicious users to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/...
Sonatype Nexus Repository Manager
4.3
CVSSv2
CVE-2018-5307
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x prior to 2.14.6 allow remote malicious users to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDeta...
Sonatype Nexus Repository Manager
6.8
CVSSv2
CVE-2008-7062
Unrestricted file upload vulnerability in admin/index.php in Download Manager module 1.0 for LoveCMS 1.6.2 Final allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads...
Lovecms Lovecms 1.6.2
1 EDB exploit
NA
CVE-2023-52221
Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager.This issue affects Barcode Scanner and Inventory manager: from n/a up to and including 1.5.1.
Ukrsolution Barcode Scanner And Inventory Manager
9
CVSSv2
CVE-2019-15104
An issue exists in Zoho ManageEngine OpManager up to and including 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently...
Zohocorp Manageengine Applications Manager
NA
CVE-2023-51772
One Identity Password Manager prior to 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape seque...
Oneidentity Password Manager
9
CVSSv2
CVE-2019-15105
An issue exists in Zoho ManageEngine Application Manager up to and including 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can con...
Zohocorp Manageengine Applications Manager
NA
CVE-2022-2420
A vulnerability was found in URVE Web Manager. It has been rated as critical. This issue affects some unknown processing of the file _internal/uploader.php. The manipulation leads to unrestricted upload. The attack needs to be approached within the local network. The exploit has ...
Eveo Urve Web Manager -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »