Vulmon
amazon search directory vulnerabilities and exploits
831
VMScore
CVE-2016-10033
The mailSend function in the isMail transport in PHPMailer prior to 5.2.18 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
Phpmailer Project Phpmailer
Wordpress Wordpress
Joomla Joomla!
9 EDB exploits
120 Github repositories
828
VMScore
CVE-2009-3743
Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript prior to 8.71 allows remote malicious users to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that trigger an ...
Artifex Gpl Ghostscript 8.64
Artifex Afpl Ghostscript 7.00
Artifex Afpl Ghostscript 6.50
Artifex Afpl Ghostscript 8.14
Artifex Afpl Ghostscript 8.13
Artifex Gpl Ghostscript 8.01
Artifex Ghostscript Fonts 6.0
Artifex Gpl Ghostscript 8.54
Artifex Afpl Ghostscript 8.53
Artifex Afpl Ghostscript 6.01
Artifex Afpl Ghostscript 6.0
Artifex Afpl Ghostscript 8.12
Artifex Afpl Ghostscript 8.11
Artifex Afpl Ghostscript 8.52
Artifex Afpl Ghostscript 8.00
Artifex Gpl Ghostscript 8.15
Artifex Gpl Ghostscript 8.60
Artifex Gpl Ghostscript 8.61
Artifex Gpl Ghostscript 8.56
Artifex Gpl Ghostscript 8.62
Artifex Gpl Ghostscript 8.63
Artifex Afpl Ghostscript 8.54
792
VMScore
CVE-2016-10045
The isMail transport in PHPMailer prior to 5.2.20 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the ...
Phpmailer Project Phpmailer
Wordpress Wordpress
Joomla Joomla!
3 EDB exploits
91 Github repositories
668
VMScore
CVE-2022-29155
In OpenLDAP 2.x prior to 2.5.12 and 2.6.x prior to 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lac...
Openldap Openldap
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H700e Firmware -
Netapp H410s Firmware -
Netapp H410c Firmware -
641
VMScore
CVE-2010-2055
Ghostscript 8.71 and previous versions read initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using...
Artifex Afpl Ghostscript 7.03
Artifex Afpl Ghostscript 7.00
Artifex Afpl Ghostscript 6.50
Artifex Afpl Ghostscript 6.01
Artifex Gpl Ghostscript 8.01
Artifex Ghostscript Fonts 6.0
Artifex Gpl Ghostscript 8.62
Artifex Gpl Ghostscript 8.63
Artifex Afpl Ghostscript 8.14
Artifex Afpl Ghostscript 8.13
Artifex Afpl Ghostscript 8.12
Artifex Afpl Ghostscript 8.11
Artifex Gpl Ghostscript 8.51
Artifex Gpl Ghostscript 8.54
Artifex Afpl Ghostscript 8.53
Artifex Afpl Ghostscript 8.54
Artifex Gpl Ghostscript
Artifex Afpl Ghostscript 7.04
Artifex Afpl Ghostscript 6.0
Artifex Afpl Ghostscript 8.52
Artifex Afpl Ghostscript 8.50
Artifex Afpl Ghostscript 8.00
614
VMScore
CVE-2010-5268
Untrusted search path vulnerability in Amazon Kindle for PC 1.3.0 30884 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .azw file. NOTE: some of these details are obtained ...
Amazon Kindle For Pc 1.3.0.30884
614
VMScore
CVE-2010-4167
Untrusted search path vulnerability in configure.c in ImageMagick prior to 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory.
Imagemagick Imagemagick 6.6.4-10
Imagemagick Imagemagick 6.6.4-9
Imagemagick Imagemagick 6.6.4-1
Imagemagick Imagemagick 6.6.4
Imagemagick Imagemagick 6.6.3-2
Imagemagick Imagemagick 6.6.3-1
Imagemagick Imagemagick 6.6.3
Imagemagick Imagemagick 6.6.2-4
Imagemagick Imagemagick 6.6.2-3
Imagemagick Imagemagick 6.6.1-7
Imagemagick Imagemagick 6.6.1-6
Imagemagick Imagemagick 6.6.0-9
Imagemagick Imagemagick 6.6.0-8
Imagemagick Imagemagick 6.6.0
Imagemagick Imagemagick 6.5.9-10
Imagemagick Imagemagick 6.5.9-2
Imagemagick Imagemagick 6.5.9-1
Imagemagick Imagemagick 6.5.8-3
Imagemagick Imagemagick 6.5.8-2
Imagemagick Imagemagick 6.5.7-5
Imagemagick Imagemagick 6.5.7-4
Imagemagick Imagemagick 6.5.6-8
553
VMScore
CVE-2011-2905
Untrusted search path vulnerability in the perf_config function in tools/perf/util/config.c in perf, as distributed in the Linux kernel prior to 3.1, allows local users to overwrite arbitrary files via a crafted config file in the current working directory.
Linux Linux Kernel 3.0.25
Linux Linux Kernel 3.0.22
Linux Linux Kernel 3.0.5
Linux Linux Kernel 3.0.38
Linux Linux Kernel 3.0.63
Linux Linux Kernel 3.0.46
Linux Linux Kernel 3.0.47
Linux Linux Kernel 3.0.48
Linux Linux Kernel 3.0.18
Linux Linux Kernel 3.0.6
Linux Linux Kernel 3.0.36
Linux Linux Kernel 3.0.35
Linux Linux Kernel 3.0.11
Linux Linux Kernel 3.0.58
Linux Linux Kernel 3.0.34
Linux Linux Kernel 3.0.32
Linux Linux Kernel 3.0.52
Linux Linux Kernel 3.0.51
Linux Linux Kernel 3.0.57
Linux Linux Kernel 3.0.19
Linux Linux Kernel 3.0.37
Linux Linux Kernel 3.0.4
552
VMScore
CVE-2014-3248
Untrusted search path vulnerability in Puppet Enterprise 2.8 prior to 2.8.7, Puppet prior to 2.7.26 and 3.x prior to 3.6.2, Facter 1.6.x and 2.x prior to 2.0.2, Hiera prior to 1.3.4, and Mcollective prior to 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to ga...
Puppetlabs Facter
Puppet Facter 2.0.1
Puppet Facter 2.0.0
Puppet Marionette Collective
Puppet Hiera
Puppet Puppet
Puppet Puppet Enterprise
517
VMScore
CVE-2021-29425
In Apache Commons IO prior to 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not furt...
Apache Commons Io 2.2
Apache Commons Io 2.3
Apache Commons Io 2.4
Apache Commons Io 2.5
Apache Commons Io 2.6
Debian Debian Linux 9.0
Oracle Weblogic Server 12.1.3.0.0
Oracle Retail Integration Bus 13.0
Oracle Flexcube Core Banking 5.2.0
Oracle Solaris Cluster 4.0
Oracle Access Manager 11.1.2.3.0
Oracle Weblogic Server 12.2.1.3.0
Oracle Webcenter Portal 12.2.1.3.0
Oracle Access Manager 12.2.1.3.0
Oracle Application Testing Suite 13.3.0.1
Oracle Retail Order Broker 16.0
Oracle Banking Platform 2.6.2
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier
Oracle Agile Plm 9.3.6
Oracle Banking Digital Experience 18.3
Oracle Banking Digital Experience 19.1