Vulmon
avatar vulnerabilities and exploits
VMScore: 655
CVE-2008-6518
Unrestricted file upload vulnerability in the profile feature in VidiScript allows registered remote authenticated users to execute arbitrary code by uploading a PHP file as an Avatar, then accessing the avatar via a direct request.
Vidiscript Vidiscript -
1 EDB exploit
VMScore: 435
CVE-2003-1400
Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 up to and including 6.0 allows remote malicious users to inject arbitrary web script or HTML via the user_avatar parameter.
Francisco Burzi Php-nuke 5.2a
Francisco Burzi Php-nuke 5.3.1
Francisco Burzi Php-nuke 5.4
Francisco Burzi Php-nuke 5.5
Francisco Burzi Php-nuke 5.0
Francisco Burzi Php-nuke 5.0.1
Francisco Burzi Php-nuke 5.6
Francisco Burzi Php-nuke 6.0
Francisco Burzi Php-nuke 5.1
Francisco Burzi Php-nuke 5.2
1 EDB exploit
VMScore: 356
CVE-2021-1467
A vulnerability in Cisco Webex Meetings for Android could allow an authenticated, remote malicious user to modify the avatar of another user. This vulnerability is due to improper authorization checks. An attacker could exploit this vulnerability by sending a crafted request to t...
Cisco Webex Meetings
NA
CVE-2023-52118
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Event Manager WP User Profile Avatar allows Stored XSS. This issue affects WP User Profile Avatar: from n/a up to and including 1.0.
Wp-eventmanager Wp Event Manager
VMScore: 356
CVE-2022-0442
The UsersWP WordPress plugin prior to 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged-in user to overwrite another user's avatar.
Ayecode Userswp
VMScore: 383
CVE-2006-2282
Cross-site scripting (XSS) vulnerability in X7 Chat 2.0.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via a javascript URI in the URL of an avatar, possibly related to the avatar parameter in register.php.
X7 Group X7 Chat 2.0.2
VMScore: 409
CVE-2020-11807
Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by making an avatar update and then visiting the avatar file under the /images/ pat...
Sourcefabric Newscoop 4.4.7
VMScore: 570
CVE-2005-0259
phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the tar...
Phpbb Group Phpbb 2.0.1
Phpbb Group Phpbb 2.0.10
Phpbb Group Phpbb 2.0.11
Phpbb Group Phpbb 2.0.2
Phpbb Group Phpbb 2.0.3
Phpbb Group Phpbb 2.0 Rc3
Phpbb Group Phpbb 2.0 Rc4
Phpbb Group Phpbb 2.0.0
Phpbb Group Phpbb 2.0.5
Phpbb Group Phpbb 2.0.6c
Phpbb Group Phpbb 2.0.8a
Phpbb Group Phpbb 2.0 Beta1
Phpbb Group Phpbb 2.0 Rc2
Phpbb Group Phpbb 2.0.6d
Phpbb Group Phpbb 2.0.7
Phpbb Group Phpbb 2.0.7a
Phpbb Group Phpbb 2.0.8
Phpbb Group Phpbb 2.0.4
Phpbb Group Phpbb 2.0.6
Phpbb Group Phpbb 2.0.9
Phpbb Group Phpbb 2.0 Rc1
VMScore: 312
CVE-2021-37330
Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Scripting (XSS). The Avatar upload in the My Profile section could be exploited to upload a malicious SVG file which contains Javascript. Now if another user/admin views the profile and clicks to view his avatar,...
Bookingcore Booking Core 2.0
VMScore: 578
CVE-2012-2670
manageuser.php in Collabtive prior to 0.7.6 allows remote authenticated users, and possibly unauthenticated attackers, to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg, then ...
O-dyn Collabtive 0.7
O-dyn Collabtive 0.6.5
O-dyn Collabtive 0.6.4
O-dyn Collabtive