Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
avatar vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-9155
Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x prior to 6.x-1.2 and 7.x-1.x prior to 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (dot dot) in the path of a cropped picture in the uploader panel.
Avatar Uploader Project Avatar Uploader 7.x-1.0
Avatar Uploader Project Avatar Uploader 7.x-1.x-dev
Avatar Uploader Project Avatar Uploader 6.x-1.0
Avatar Uploader Project Avatar Uploader 6.x-1.1
NA
CVE-2014-5240
Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress prior to 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL.
Wordpress Wordpress 3.0.5
Wordpress Wordpress 3.0.6
Wordpress Wordpress 3.1
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.5.0
Wordpress Wordpress 3.5.1
Wordpress Wordpress 3.6
Wordpress Wordpress 3.6.1
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.3
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.4.2
Wordpress Wordpress 3.7
Wordpress Wordpress 3.8
Wordpress Wordpress 3.0
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.3
Wordpress Wordpress 3.3.1
Wordpress Wordpress 3.9.0
NA
CVE-2013-3981
The Meeting Server in IBM Sametime 8.x up to and including 8.5.2.1 and 9.x up to and including 9.0.0.1 allows remote malicious users to download avatar photos of arbitrary users via unspecified vectors.
Ibm Sametime 9.0.0.1
Ibm Sametime 8.5.2.0
Ibm Sametime 8.5.1.0
Ibm Sametime 8.5.2.1
Ibm Sametime 8.5.1.1
Ibm Sametime 8.0.0.0
Ibm Sametime 9.0.0.0
Ibm Sametime 8.0.1.1
Ibm Sametime 8.0.1.0
Ibm Sametime 8.5.0.0
Ibm Sametime 8.0.2.1
Ibm Sametime 8.0.2.0
NA
CVE-2013-4465
Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum prior to 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the fi...
Simplemachines Simple Machines Forum 1.0.15
Simplemachines Simple Machines Forum 1.1.6
Simplemachines Simple Machines Forum 1.1.15
Simplemachines Simple Machines Forum 1.1.8
Simplemachines Simple Machines Forum 1.1.5
Simplemachines Simple Machines Forum 1.1.11
Simplemachines Simple Machines Forum 1.1.14
Simplemachines Simple Machines Forum 1.0.14
Simplemachines Simple Machines Forum 1.0.8
Simplemachines Simple Machines Forum 1.1.16
Simplemachines Simple Machines Forum 1.1.1
Simplemachines Simple Machines Forum 1.0.2
Simplemachines Simple Machines Forum 1.0.12
Simplemachines Simple Machines Forum 1.0.16
Simplemachines Simple Machines Forum 2.0.4
Simplemachines Simple Machines Forum 1.0
Simplemachines Simple Machines Forum 1.0.9
Simplemachines Simple Machines Forum 1.0.23
Simplemachines Simple Machines Forum 1.0.21
Simplemachines Simple Machines Forum 1.0.6
Simplemachines Simple Machines Forum 2.1
Simplemachines Simple Machines Forum 2.0.2
NA
CVE-2011-5133
Unspecified vulnerability in MyBB prior to 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the buddy list."
Mybb Mybb 1.6.0
Mybb Mybb 1.5.2
Mybb Mybb 1.4.8
Mybb Mybb 1.4.1
Mybb Mybb 1.4.15
Mybb Mybb 1.4.0
Mybb Mybb 1.3
Mybb Mybb 1.2.12
Mybb Mybb 1.2.9
Mybb Mybb 1.2.6
Mybb Mybb 1.2.5
Mybb Mybb 1.1.6
Mybb Mybb 1.1.1
Mybb Mybb 1.6.1
Mybb Mybb 1.6.2
Mybb Mybb 1.6.3
Mybb Mybb 1.5.1
Mybb Mybb 1.4.13
Mybb Mybb 1.4.12
Mybb Mybb 1.4.7
Mybb Mybb 1.4.5
Mybb Mybb 1.2.13
NA
CVE-2012-2670
manageuser.php in Collabtive prior to 0.7.6 allows remote authenticated users, and possibly unauthenticated attackers, to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg, then ...
O-dyn Collabtive 0.7
O-dyn Collabtive 0.6.5
O-dyn Collabtive 0.6.4
O-dyn Collabtive
NA
CVE-2011-0771
The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded f...
Janrain Rpx 6.x-1.3
6.5
CVSSv3
CVE-2009-4449
Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibl...
Mybboard Mybb 1.4.10
NA
CVE-2009-3803
Multiple cross-site scripting (XSS) vulnerabilities in Amiro.CMS 5.4.0.0 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the status_message parameter to (1) /news, (2) /comment, (3) /forum, (4) /blog, and (5) /tags; the status_message...
Amirocms Amiro.cms
Amirocms Amiro.cms 5.2.3
Amirocms Amiro.cms 4.2.2.0
Amirocms Amiro.cms 4.2.1.0
Amirocms Amiro.cms 5.0.7
Amirocms Amiro.cms 4.2.5
Amirocms Amiro.cms 4.2.4
Amirocms Amiro.cms 4.2.3.0
Amirocms Amiro.cms 5.2.2
Amirocms Amiro.cms 5.2
Amirocms Amiro.cms 4.2.0.5
Amirocms Amiro.cms 4.0.8.0
1 EDB exploit
NA
CVE-2008-7157
Unrestricted file upload vulnerability in EkinBoard 1.1.0 and previous versions allows remote malicious users to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in upl...
Ekinboard Ekinboard
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »