Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file vulnerabilities and exploits
(subscribe to this query)
641
VMScore
CVE-2020-36246
Amaze File Manager prior to 3.5.1 allows malicious users to obtain root privileges via shell metacharacters in a symbolic link.
Amaze File Manager Project Amaze File Manager
605
VMScore
CVE-2021-32263
ok-file-formats through 2021-04-29 has a heap-based buffer overflow in the ok_csv_circular_buffer_read function in ok_csv.c.
Ok-file-formats Project Ok-file-formats
383
VMScore
CVE-2018-3726
crud-file-server node module prior to 0.8.0 suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names.
Crud-file-server Project Crud-file-server
NA
CVE-2022-4764
The Simple File Downloader WordPress plugin up to and including 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stor...
Simple File Downloader Project Simple File Downloader
668
VMScore
CVE-2017-8297
A path traversal vulnerability exists in simple-file-manager prior to 2017-04-26, affecting index.php (the sole "Simple PHP File Manager" component).
Simple-file-manager Project Simple-file-manager
383
VMScore
CVE-2009-4647
Cross-site scripting (XSS) vulnerability in Accellion Secure File Transfer Appliance prior to 7_0_296 allows remote malicious users to inject arbitrary web script or HTML via the username parameter, which is not properly handled when the administrator views audit logs.
Accellion Secure File Transfer Appliance 7 0 135
Accellion Secure File Transfer Appliance 7 0 259
Accellion Secure File Transfer Appliance 7 0 178
Accellion Secure File Transfer Appliance 7 0 189
755
VMScore
CVE-2006-4122
Simple one-file guestbook 1.0 and previous versions allows remote malicious users to bypass authentication and delete guestbook entries via a modified id parameter to guestbook.php.
Simple One-file Guestbook Simple One-file Guestbook
1 EDB exploit
801
VMScore
CVE-2020-7998
An arbitrary file upload vulnerability has been discovered in the Super File Explorer app 1.0.1 for iOS. The vulnerability is located in the developer path that is accessible and hidden next to the root path. By default, there is no password set for the FTP or Web UI service.
Super File Explorer Project Super File Explorer 1.0.1
1 Github repository
668
VMScore
CVE-2018-18912
An issue exists in Easy File Sharing (EFS) Web Server 7.2. A stack-based buffer overflow vulnerability occurs when a malicious POST request has been made to forum.ghp upon creating a new topic in the forums, which allows remote malicious users to execute arbitrary code.
Sharing-file Easy File Sharing Web Server 7.2
505
VMScore
CVE-2018-19043
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming (specifying a "from" and "to" filename) via a ../ directory traversal in the dir parameter of an mrelocator_rename action to the wp-admin/admin-ajax.php URI.
Media File Manager Project Media File Manager 1.4.2
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »