Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
avatar vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2020-29450
Affected versions of Atlassian Confluence Server and Data Center allow remote malicious users to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0.
Atlassian Confluence Server
Atlassian Confluence Data Center
6.5
CVSSv2
CVE-2021-34257
Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image.
Wpanel Cms Project Wpanel Cms
5.1
CVSSv2
CVE-2006-4450
usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote malicious users to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request.
Phpbb Group Phpbb 2.0.20
1 EDB exploit
4.3
CVSSv2
CVE-2017-16881
b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService...
Symphony Project Symphony 2.2.0
7.5
CVSSv2
CVE-2006-7113
Unrestricted file upload vulnerability in P-News 2.0 allows remote malicious users to upload and execute arbitrary files via an avatar file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Planerd.net P-news
3.5
CVSSv2
CVE-2017-5494
Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution up to and including 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame.
B2evolution B2evolution
5
CVSSv2
CVE-2006-2530
avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote malicious users to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product.
Snitz Communications Avatar Mod 1.3
7.5
CVSSv2
CVE-2008-0233
Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and previous versions allows remote malicious users to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg.
Zero Cms Zero Cms 1.0 Alpha
1 EDB exploit
NA
CVE-2023-47115
Label Studio is an a popular open source data labeling tool. Versions before 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Ex...
Humansignal Label Studio
6
CVSSv2
CVE-2008-7029
Unrestricted file upload vulnerability in usercp.php in AlilG Application AliBoard Beta allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a direct request to the file in uploads/avatars...
Alilg Aliboard Beta
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »