Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
directory pro vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2017-5236
Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
Rapid7 Appspider Pro
7.8
CVSSv3
CVE-2019-18958
Nitro Pro prior to 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this can have a security risk if debug.log is later edited and then executed.
Gonitro Nitro Pro
8.8
CVSSv3
CVE-2017-7442
Nitro Pro 11.0.3.173 allows remote malicious users to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences.
Gonitro Nitro Pro 11.0.3.173
1 EDB exploit
NA
CVE-2008-3240
SQL injection vulnerability in index.php in AlstraSoft Affiliate Network Pro allows remote malicious users to execute arbitrary SQL commands via the pgm parameter in a directory action.
Alstrasoft Affiliate Network Pro
1 EDB exploit
NA
CVE-2001-0394
Remote manager service in Website Pro 3.0.37 allows remote malicious users to cause a denial of service via a series of malformed HTTP requests to the /dyn directory.
Oreilly Website Pro 3.0.37
NA
CVE-2014-9372
Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) prior to 7103 allows remote malicious users to delete arbitrary files via a .. (dot dot) in a filename.
Manageengine Password Manager Pro
6.1
CVSSv3
CVE-2017-16962
The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro prior to 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) invitation, (3) e-mail granting...
Communigate Communigate Pro
1 EDB exploit
6.5
CVSSv3
CVE-2022-38121
UPSMON PRO configuration file stores user password in plaintext under public user directory. A remote attacker with general user privilege can access all users‘ and administrators' account names and passwords via this unprotected configuration file.
Upspowercom Upsmon Pro 2.57
NA
CVE-2007-6554
Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 and previous versions allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) register.php, (3) login.php, or (4) statistics.php.
George Lewe Teamcal Pro
1 EDB exploit
NA
CVE-2008-0333
Directory traversal vulnerability in download_view_attachment.aspx in AfterLogic MailBee WebMail Pro 4.1 for ASP.NET allows remote malicious users to read arbitrary files via a .. (dot dot) in the temp_filename parameter.
Afterlogic Mailbee Webmail Pro 4.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »