Vulmon
Recent Vulnerabilities
Discussions
Trends
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
file upload vulnerabilities and exploits
6.8
CVSSv2
CVE-2007-0497
PHP remote file inclusion vulnerability in upload/top.php in Upload-Service 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the maindir parameter....
Upload-service
1 EDB exploit available
7.5
CVSSv2
CVE-2012-1205
PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter....
Alanft
Relocate-upload
1 EDB exploit available
7.5
CVSSv2
CVE-2002-0081
Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled....
Php
2.1
CVSSv2
CVE-2004-0959
rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified....
Php
7.5
CVSSv2
CVE-2007-2025
Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file....
Phpwiki
6.8
CVSSv2
CVE-2013-2114
Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an executable extension....
Mediawiki
6.8
CVSSv2
CVE-2007-2024
Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension....
Phpwiki
7.5
CVSSv2
CVE-2006-4675
Unrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable files into the data/media folder via unspecified vectors....
Andreas Gohr
Dokuwiki
4.6
CVSSv2
CVE-2007-1639
Unrestricted file upload vulnerability in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allows remote authenticated users to upload and execute arbitrary PHP code via a file with an executable extension, which is then accessed by the (1) calendar or (2) file management...
Phpprojekt
4
CVSSv2
CVE-2006-3336
TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability...
Twiki
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
overflow
type confusion
wso2
CVE-2020-5212
api manager
bypass
CVE-2019-10779
CVE-2020-0609
CVE-2020-0674
CVE-2020-7998
CVE-2019-15581
1
2
3
4
5
NEXT »
Vulmon