Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arbitrary vulnerabilities and exploits
(subscribe to this query)
690
VMScore
CVE-2008-6785
Unrestricted file upload vulnerability in Mini File Host 1.5 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as demonstrated by creating a nam...
Galaxyscripts Mini File Host 1.5
2 EDB exploits
1000
VMScore
CVE-2008-6935
Argument injection vulnerability in Exodus 0.10 allows remote malicious users to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an im:// URI.
Joe Fuhrman Exodus 0.10
2 EDB exploits
1000
VMScore
CVE-2008-6937
Argument injection vulnerability in Exodus 0.10 allows remote malicious users to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an xmpp:// URI, a different vector than CVE-2008-6935 and CVE-2008-6936. NOTE: ...
Jabber Exodus 0.10
2 EDB exploits
130
VMScore
CVE-2001-1346
Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp.
Ca Arcserve Backup 6.63
Broadcom Arcserve Backup 6.61
2 EDB exploits
NA
CVE-2022-20930
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local malicious user to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by inject...
Cisco Sd-wan Vbond Orchestrator 20.8
Cisco Sd-wan Vsmart Controller 20.8
Cisco Sd-wan Vsmart Controller
Cisco Sd-wan Vmanage
Cisco Sd-wan Vbond Orchestrator
Cisco Sd-wan Vbond Orchestrator 20.9
Cisco Sd-wan Vsmart Controller 20.9
Cisco Catalyst Sd-wan Manager 20.9
Cisco Catalyst Sd-wan Manager 20.8
Cisco Sd-wan
Cisco Sd-wan 20.8
Cisco Sd-wan 20.9
715
VMScore
CVE-2010-3714
The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x prior to 4.2.15, 4.3.x prior to 4.3.7, and 4.4.x prior to 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote malicious users to read a...
Typo3 Typo3 4.2.3
Typo3 Typo3 4.2.2
Typo3 Typo3 4.2.1
Typo3 Typo3 4.3.0
Typo3 Typo3 4.3.1
Typo3 Typo3 4.4.2
Typo3 Typo3 4.4.3
Typo3 Typo3 4.2.9
Typo3 Typo3 4.2.0
Typo3 Typo3 4.2.13
Typo3 Typo3 4.2.14
Typo3 Typo3 4.3.6
Typo3 Typo3 4.4
Typo3 Typo3 4.4.1
Typo3 Typo3 4.2.7
Typo3 Typo3 4.2.8
Typo3 Typo3 4.2.11
Typo3 Typo3 4.2.12
Typo3 Typo3 4.3.4
Typo3 Typo3 4.3.5
Typo3 Typo3 4.2.5
Typo3 Typo3 4.2.6
1 EDB exploit
940
VMScore
CVE-2008-6936
Argument injection vulnerability in Exodus 0.10 allows remote malicious users to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in a pres:// URI, a different vector than CVE-2008-6935.
Jabber Exodus 0.10
2 EDB exploits
440
VMScore
CVE-2012-4253
Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote malicious users to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local ...
Mysqldumper Mysqldumper 1.24.4
2 EDB exploits
650
VMScore
CVE-2006-0660
Multiple directory traversal vulnerabilities in FarsiNews 2.5 and previous versions allows remote malicious users to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbi...
Farsinews Farsinews 2.1
Farsinews Farsinews 2.1 Beta2
Farsinews Farsinews 2.5
2 EDB exploits
935
VMScore
CVE-2009-4148
DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote malicious users to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script injection vulnera...
Daz3d Daz Studio 2.3.3.161
Daz3d Daz Studio 2.3.3.163
Daz3d Daz Studio 3.0.1.135
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »