file upload vulnerabilities and exploits

(subscribe to this query)

File Upload Manager allows remote attackers to upload arbitrary files by modifying the test variable to contain a value of '~~~~~~' (six tildes), which bypasses the file extension checks....

File Upload Manager File Upload Manager

Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of...

Wordpress File Upload Project Wordpress File Upload

Cross-site request forgery (CSRF) vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of certain users for requests that delete files via unspecified vectors....

Webform Multiple File Upload Project Webform Multiple File Upload 6.x-1.1 Webform Multiple File Upload Project Webform Multiple File Upload 6.x-1.2 Webform Multiple File Upload Project Webform Multiple File Upload 7.x-1.x Webform Multiple File Upload Project Webform Multiple File Upload 7.x-1.2 Webform Multiple File Upload Project Webform Multiple File Upload 6.x-1.0

Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0...

Jquery File Upload Project Jquery File Upload3 EDB exploits available1 Metasploit module available31 Github repositories available

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sebastian Krysmanski Upload File Type Settings plugin <= 1.1 versions....

Upload File Type Settings Plugin Project Upload File Type Settings Plugin

The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 does not escape some of its shortcode argument, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

Iptanus Wordpress File Upload Iptanus Wordpress File Upload Pro

This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded (a user needs to be tricked into uploading such a file)....

File-upload-with-preview Project File-upload-with-preview

The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This makes it possible for...

Iptanus Wordpress File Upload Pro Iptanus Wordpress File Upload

The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. This allows administrator-level attackers to move files uploaded with the plugin...

Iptanus Wordpress File Upload Pro Iptanus Wordpress File Upload

The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the...

Iptanus Wordpress File Upload Iptanus Wordpress File Upload Pro

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook