Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arbitrary vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2008-2907
SQL injection vulnerability in admin/index.php in WebChamado 1.1, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the eml parameter.
Webchamado Webchamado 1.1
1 EDB exploit
7.5
CVSSv2
CVE-2006-3381
SturGeoN Upload allows remote malicious users to execute arbitrary PHP code by uploading a file with a .php extension, then directly accessing the file. NOTE: It is uncertain whether this is a vulnerability or a feature of the product.
Sturgeon Upload Sturgeon Upload
1 EDB exploit
7.8
CVSSv2
CVE-2007-1303
Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and previous versions allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter.
Rrdbrowse Rrdbrowse
1 EDB exploit
9.3
CVSSv2
CVE-2009-4148
DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote malicious users to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script injection vulnera...
Daz3d Daz Studio 2.3.3.161
Daz3d Daz Studio 2.3.3.163
Daz3d Daz Studio 3.0.1.135
1 EDB exploit
6.5
CVSSv2
CVE-2008-3093
Unrestricted file upload vulnerability in ImperialBB 2.3.5 and previous versions allows remote authenticated users to upload and execute arbitrary PHP code by placing a .php filename in the Upload_Avatar parameter and sending the image/gif content type.
Phplizardo Imperialbb
1 EDB exploit
5
CVSSv2
CVE-2006-1704
Sire 2.0 nws allows remote malicious users to upload arbitrary image files without authentication via a direct request to upload.php.
Hubert Plisson Sire 2.0
1 EDB exploit
9.4
CVSSv2
CVE-2021-46424
Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote malicious user to delete any file, even system internal files, via a DELETE request.
Telesquare Tlr-2005ksh Firmware 1.0.0
6.4
CVSSv2
CVE-2013-5984
Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber prior to 0.830 allows remote malicious users to delete arbitrary files via a .. (dot dot) in the file parameter.
Microweber Microweber
7.5
CVSSv2
CVE-2007-5230
admin/upload_files.php in Zomplog 3.8.1 and previous versions does not check for administrative credentials, which allows remote malicious users to perform administrative actions via a direct request. NOTE: this can be leveraged for code execution by exploiting CVE-2007-5231.
Zomplog Zomplog 3.7.6
Zomplog Zomplog 3.8
Zomplog Zomplog 3.8.1
Zomplog Zomplog 3.7
1 EDB exploit
6.5
CVSSv2
CVE-2017-14838
TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange.
Teamworktec Job Links -
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »