Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arbitrary vulnerabilities and exploits
(subscribe to this query)
650
VMScore
CVE-2007-4047
geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote malicious users to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request w...
Geoblog Geoblog 1
2 EDB exploits
NA
CVE-2022-20850
A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local malicious user to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An...
Cisco Sd-wan Vsmart Controller
Cisco Sd-wan Vmanage
Cisco Sd-wan Vbond Orchestrator
Cisco Ios Xe Sd-wan
Cisco Sd-wan
645
VMScore
CVE-2018-12053
Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal.
Schools Alert Management Script Project Schools Alert Management Script -
1 EDB exploit
270
VMScore
CVE-2007-1773
Multiple directory traversal vulnerabilities in aBitWhizzy allow remote malicious users to list arbitrary directories via a .. (dot dot) in the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php, different vectors than CVE-2006-6384.
Unverse.net Abitwhizzy
2 EDB exploits
510
VMScore
CVE-2005-3507
Directory traversal vulnerability in CuteNews 1.4.1 allows remote malicious users to include arbitrary files, execute code, and gain privileges via "../" sequences in the template parameter to (1) show_archives.php and (2) show_news.php.
Cutephp Cutenews
2 EDB exploits
505
VMScore
CVE-2015-4181
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 up to and including 2.5 allows remote malicious users to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely fro...
Phpmybackuppro Phpmybackuppro 2.2
Phpmybackuppro Phpmybackuppro 2.3
Phpmybackuppro Phpmybackuppro 2.4
Phpmybackuppro Phpmybackuppro 2.1
Phpmybackuppro Phpmybackuppro 2.5
1 EDB exploit
505
VMScore
CVE-2009-4050
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 allows remote malicious users to read arbitrary files via directory traversal sequences in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third p...
Phpmybackuppro Phpmybackuppro 2.1
1 EDB exploit
685
VMScore
CVE-2009-4819
Multiple unrestricted file upload vulnerabilities in upload.php in PHPhotoalbum allow remote malicious users to execute arbitrary code by uploading a file with a (1) .php.pgif or (2) .php.pjpeg double extension, then accessing it via a direct request to the file in albums/userpic...
Stoverud Phphotoalbum 0.5
Stoverud Phphotoalbum 0.4
Stoverud Phphotoalbum 0.3
1 EDB exploit
655
VMScore
CVE-2005-4423
Unrestricted file upload vulnerability in PHPFM prior to 0.2.3 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to an accessible directory, as demonstrated using a file with a .php extension, aka "upload phpshell.&q...
1 EDB exploit
655
VMScore
CVE-2017-14840
TeamWork TicketPlus allows Arbitrary File Upload in updateProfile.
Teamworktec Ticketplus -
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »