Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arbitrary vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-4423
Unrestricted file upload vulnerability in PHPFM prior to 0.2.3 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to an accessible directory, as demonstrated using a file with a .php extension, aka "upload phpshell.&q...
1 EDB exploit
5.5
CVSSv3
CVE-2014-0243
Check_MK up to and including 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job.
Check Mk Project Check Mk 1.2.5
Check Mk Project Check Mk
NA
CVE-2007-4047
geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote malicious users to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request w...
Geoblog Geoblog 1
2 EDB exploits
7.5
CVSSv3
CVE-2018-12053
Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal.
Schools Alert Management Script Project Schools Alert Management Script -
1 EDB exploit
7.1
CVSSv3
CVE-2022-20850
A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local malicious user to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An...
Cisco Sd-wan Vsmart Controller
Cisco Sd-wan Vmanage
Cisco Sd-wan Vbond Orchestrator
Cisco Ios Xe Sd-wan
Cisco Sd-wan
NA
CVE-2007-1773
Multiple directory traversal vulnerabilities in aBitWhizzy allow remote malicious users to list arbitrary directories via a .. (dot dot) in the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php, different vectors than CVE-2006-6384.
Unverse.net Abitwhizzy
2 EDB exploits
NA
CVE-2008-6178
Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote malicious users to execute arbitrary code by creating a file with PHP sequences preceded by...
Phplist Phplist 2.10.1
Fckeditor Fckeditor 2.4.3
Phplist Phplist 2.10.5
Phplist Phplist 2.10.4
Fckeditor Fckeditor 2.3beta
Fckeditor Fckeditor 2.0rc2
Fckeditor Fckeditor 2.0rc3
Fckeditor Fckeditor 2.2
Phplist Phplist 2.10.3
Phplist Phplist 2.10.2
Phplist Phplist 2.10.6
2 EDB exploits
NA
CVE-2012-1661
ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and previous versions does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote malicious users to execute arbitrary VBA code via a crafted map (.mxd) file.
Esri Arcgis
Esri Arcgis 9.0
Esri Arcmap 9.0
1 EDB exploit
6.5
CVSSv3
CVE-2018-18760
RhinOS 3.0 build 1190 allows CSRF.
Saltos Rhinos 3.0
1 EDB exploit
NA
CVE-2005-3507
Directory traversal vulnerability in CuteNews 1.4.1 allows remote malicious users to include arbitrary files, execute code, and gain privileges via "../" sequences in the template parameter to (1) show_archives.php and (2) show_news.php.
Cutephp Cutenews
2 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »