Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arbitrary vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2013-2748
Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote malicious users to upload arbitrary files onto the system.
Belkin Wemo Switch Firmware
1 EDB exploit
NA
CVE-2015-5074
Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM prior to 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension.
X2engine X2crm
1 EDB exploit
9.8
CVSSv3
CVE-2017-15990
Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/.
Savsofteproducts Phpinventory -
1 EDB exploit
NA
CVE-2011-3230
Apple Safari prior to 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote malicious users to execute arbitrary code via a crafted web site.
Apple Safari
Apple Safari 5.0.6
Apple Safari 4.1.2
Apple Safari 4.1.1
Apple Safari 4.1
Apple Safari 4.0.0b
Apple Safari 4.0
Apple Safari 3.1.2b
Apple Safari 3.1.2
Apple Safari 3.0.4b
Apple Safari 3.0.4
Apple Safari 3.0.2b
Apple Safari 3.0.2
Apple Safari 3.0.0b
Apple Safari 2.0.3
Apple Safari 2
Apple Safari 1.3.2
Apple Safari 1.2.4
Apple Safari 1.2.3
Apple Safari 1.0b1
Apple Safari 1.0
Apple Safari 1.0.0b2
1 EDB exploit
NA
CVE-2010-0366
Multiple unrestricted file upload vulnerabilities in (1) register.php and (2) addvideo.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allow remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a dire...
Bitscripts Bits Video Script 2.04
Bitscripts Bits Video Script 2.05
2 EDB exploits
9.8
CVSSv3
CVE-2018-9206
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
Jquery File Upload Project Jquery File Upload
3 EDB exploits
6 Github repositories
NA
CVE-2009-3890
Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress prior to 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code...
Wordpress Wordpress
1 EDB exploit
7.2
CVSSv3
CVE-2016-0709
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed prior to 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry,...
Apache Jetspeed
1 EDB exploit
8.8
CVSSv3
CVE-2016-0710
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed prior to 2.3.1 allow remote malicious users to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.
Apache Jetspeed
1 EDB exploit
NA
CVE-2014-9567
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote malicious users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/fil...
Projectsend Projectsend 156
Projectsend Projectsend 102
Projectsend Projectsend 105
Projectsend Projectsend 375
Projectsend Projectsend 405
Projectsend Projectsend 157
Projectsend Projectsend 561
Projectsend Projectsend 100
Projectsend Projectsend 161
Projectsend Projectsend 180
Projectsend Projectsend 335
Projectsend Projectsend 110
Projectsend Projectsend 155
Projectsend Projectsend 412
Projectsend Projectsend 514
2 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »