Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
avatar vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2020-20588
File upload vulnerability in function upload in action/Core.class.php in zhimengzhe iBarn 1.5 allows remote malicious users to run arbitrary code via avatar upload to index.php.
Ibarn Project Ibarn 1.5
383
VMScore
CVE-2021-35303
Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote malicious users to execute arbitrary web script or HTML via the User Avatar attribute.
Zammad Zammad
435
VMScore
CVE-2006-7080
Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and previous versions allows remote malicious users to delete arbitrary files via ".." sequences in the old_avatar parameter.
Exv2 Content Management System
1 EDB exploit
668
VMScore
CVE-2020-19302
An arbitrary file upload vulnerability in the avatar upload function of vaeThink v1.0.1 allows malicious users to open a webshell via changing uploaded file suffixes to ".php".
Vaethink Vaethink 1.0.1
NA
CVE-2023-49444
An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow malicious users to execute arbitrary code via uploading a crafted HTML or image file to the user avatar.
Html-js Doracms 2.1.8
534
VMScore
CVE-2020-12846
Zimbra prior to 8.8.15 Patch 10 and 9.x prior to 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe,sh,bat,jar) in the Contact section of the mailbox ...
Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite 8.8.15
Synacor Zimbra Collaboration Suite 9.0.0
NA
CVE-2023-30791
Plane version 0.7.1-dev allows an malicious user to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript.
Plane Plane 0.7.1
NA
CVE-2023-43838
An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows malicious users to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar.
Personal-management-system Personal Management System 1.4.64
1 Github repository
445
VMScore
CVE-2013-3981
The Meeting Server in IBM Sametime 8.x up to and including 8.5.2.1 and 9.x up to and including 9.0.0.1 allows remote malicious users to download avatar photos of arbitrary users via unspecified vectors.
Ibm Sametime 9.0.0.1
Ibm Sametime 8.5.2.0
Ibm Sametime 8.5.1.0
Ibm Sametime 8.5.2.1
Ibm Sametime 8.5.1.1
Ibm Sametime 8.0.0.0
Ibm Sametime 9.0.0.0
Ibm Sametime 8.0.1.1
Ibm Sametime 8.0.1.0
Ibm Sametime 8.5.0.0
Ibm Sametime 8.0.2.1
Ibm Sametime 8.0.2.0
312
VMScore
CVE-2021-43659
In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability.
Halo Halo 1.4.14
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »