Vulmon
arbitrary vulnerabilities and exploits
755
VMScore
CVE-2012-0209
Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote malicious u...
Horde Groupware 1.2.10
Horde Horde 3.3.12
1 EDB exploit
650
VMScore
CVE-2006-1114
Multiple directory traversal vulnerabilities in Loudblog prior to 0.42 allow remote malicious users to read or include arbitrary files via a .. (dot dot) and trailing %00 (NULL) byte in the (1) template and (2) page parameters in (a) index.php, and the (3) language parameter in (...
Gerrit Van Aaken Loudblog 0.41
2 EDB exploits
755
VMScore
CVE-2012-1198
base_ag_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allows remote malicious users to execute arbitrary code by uploading contents of the file with an executable extension via a create action, then accessing it via a view action.
Secureideas Basic Analysis And Security Engine 1.4.5
1 EDB exploit
605
VMScore
CVE-2021-40858
Auerswald COMpact 5500R devices prior to 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring.
Auerswald Compact 5500r Ip Firmware
Auerswald Compact 5200r Ip Firmware
Auerswald Compact 5000r Ip Firmware
Auerswald Compact 4000 Ip Firmware
Auerswald Commander 6000r Ip Firmware
Auerswald Commander 6000rx Ip Firmware
Auerswald Commander Business (19") Ip Firmware
Auerswald Commander Basic.2 (19") Ip Firmware
Auerswald Compact 5010 Voip Ip Firmware
Auerswald Compact 5020 Voip Ip Firmware
655
VMScore
CVE-2008-2488
admin/userform.php in RoomPHPlanning 1.5 does not require administrative credentials, which allows remote authenticated users to create new admin accounts.
Beaussier Roomphplanning 1.5
1 EDB exploit
1000
VMScore
CVE-2008-2832
Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote malicious users to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in cale...
Fullrevolution Aspwebcalendar2008
1 EDB exploit
1000
VMScore
CVE-2008-2833
admin/upload.php in le.cms 1.4 and previous versions allows remote malicious users to bypass administrative authentication, and upload and execute arbitrary files in images/, via a nonzero value for the submit0 parameter in conjunction with filenames in the filename and upload pa...
Worldlevel Le.cms
1 EDB exploit
655
VMScore
CVE-2017-14838
TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange.
Teamworktec Job Links -
1 EDB exploit
405
VMScore
CVE-2017-14841
Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling.
Dasinfomedia Annual Maintenance Contract Management System -
1 EDB exploit
755
VMScore
CVE-2006-3381
SturGeoN Upload allows remote malicious users to execute arbitrary PHP code by uploading a file with a .php extension, then directly accessing the file. NOTE: It is uncertain whether this is a vulnerability or a feature of the product.
Sturgeon Upload Sturgeon Upload
1 EDB exploit