directory pro vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-26918
Diasoft File Replication Pro 7.5.0 allows malicious users to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:(F) access.
Filereplicationpro File Replication Pro 7.5.0
9.8
CVSSv3
CVE-2022-47966
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsib...
Zohocorp Manageengine Access Manager Plus 4.3
Zohocorp Manageengine Access Manager Plus
Zohocorp Manageengine Ad360
Zohocorp Manageengine Ad360 4.3
Zohocorp Manageengine Adaudit Plus 7.0
Zohocorp Manageengine Adaudit Plus
Zohocorp Manageengine Admanager Plus 7.1
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Adselfservice Plus 6.2
Zohocorp Manageengine Adselfservice Plus
Zohocorp Manageengine Analytics Plus
Zohocorp Manageengine Analytics Plus 5.1
Zohocorp Manageengine Assetexplorer 6.9
Zohocorp Manageengine Assetexplorer
Zohocorp Manageengine Key Manager Plus
Zohocorp Manageengine Key Manager Plus 6.4
Zohocorp Manageengine Pam360 5.7
Zohocorp Manageengine Pam360
Zohocorp Manageengine Password Manager Pro
Zohocorp Manageengine Password Manager Pro 12.1
Zohocorp Manageengine Servicedesk Plus
Zohocorp Manageengine Servicedesk Plus 14.0
2 Metasploit modules
6 Github repositories
2 Articles
9.8
CVSSv3
CVE-2021-26293
An issue exists in AfterLogic Aurora up to and including 8.5.3 and WebMail Pro up to and including 8.5.3, when DAV is enabled. They allow directory traversal to create new files (such as an executable file under the web root). This is related to DAVServer.php in 8.x and DAV/Serve...
Afterlogic Aurora
Afterlogic Webmail Pro
1 Github repository
9.6
CVSSv3
CVE-2016-1524
Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and previous versions allow remote malicious users to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then a...
Netgear Prosafe Network Management Software 300
1 EDB exploit
1 Article
8.8
CVSSv3
CVE-2023-37387
Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Classified Listing plugin <= 2.4.5 versions.
Radiustheme Classified Listing Pro - Classified Ads & Business Directory
8.8
CVSSv3
CVE-2020-36666
The directory-pro WordPress plugin prior to 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin prior to 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin prior to 1.0.9, real-estate-pro WordPress plugin prior to 1.7.1, insti...
E-plugins Wp Membership
E-plugins Fitness Trainer
E-plugins Hotel Directory
E-plugins Hospital & Doctor Directory
E-plugins Lawyer Directory
E-plugins Institutions Directory
E-plugins Real Estate Pro
E-plugins Final User
E-plugins Directory Pro
E-plugins Photographer-directory
E-plugins Producer-retailer -
8.8
CVSSv3
CVE-2021-24962
The WordPress File Upload Free and Pro WordPress plugins prior to 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload PHP code disguised as an image inside the auto-loaded directory of the plu...
Iptanus Wordpress File Upload
Iptanus Wordpress File Upload Pro
8.8
CVSSv3
CVE-2021-24160
In the Responsive Menu (free and Pro) WordPress plugins prior to 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These files could then be accessed via the front end of the site to trigger remote cod...
Expresstech Responsive Menu
1 Github repository
8.8
CVSSv3
CVE-2017-3187
The dotCMS administration panel, versions 3.7.1 and previous versions, is vulnerable to cross-site request forgery. The dotCMS administrator panel contains a cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim us...
Dotcms Dotcms
8.8
CVSSv3
CVE-2017-7442
Nitro Pro 11.0.3.173 allows remote malicious users to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences.
Gonitro Nitro Pro 11.0.3.173
1 EDB exploit