Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

file upload vulnerabilities and exploits

(subscribe to this query)

6.8
CVSSv2
CVE-2014-5199
Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of...
Wordpress File Upload Project Wordpress File Upload
5
CVSSv2
CVE-2005-1956
File Upload Manager allows remote attackers to upload arbitrary files by modifying the test variable to contain a value of '~~~~~~' (six tildes), which bypasses the file extension checks....
File Upload Manager File Upload Manager
6.8
CVSSv2
CVE-2015-4379
Cross-site request forgery (CSRF) vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of certain users for requests that delete files via unspecified vectors....
Webform Multiple File Upload Project Webform Multiple File Upload 6.x-1.1Webform Multiple File Upload Project Webform Multiple File Upload 6.x-1.2Webform Multiple File Upload Project Webform Multiple File Upload 7.x-1.xWebform Multiple File Upload Project Webform Multiple File Upload 7.x-1.2Webform Multiple File Upload Project Webform Multiple File Upload 6.x-1.0
7.5
CVSSv2
CVE-2018-9206
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0...
Jquery File Upload Project Jquery File Upload
4.3
CVSSv2
CVE-2021-23439
This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded (a user needs to be tricked into uploading such a file)....
File-upload-with-preview Project File-upload-with-preview
4.3
CVSSv2
CVE-2018-9844
The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS....
Iptanus Wordpress File Upload
7.5
CVSSv2
CVE-2008-2510
SQL injection vulnerability in wp-uploadfile.php in the Upload File plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the f_id parameter....
Wordpress Upload File Plugin
7.5
CVSSv2
CVE-2014-8739
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote...
Creative-solutions Creative Contact FormJquery File Upload Project Jquery File Upload 6.4.4
9.3
CVSSv2
CVE-2007-2563
Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ActiveX control (UFileUploaderD.dll) allows remote attackers to execute arbitrary code via a long argument....
Versalsoft Http File Upload Activex Control
5
CVSSv2
CVE-2015-9339
The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files....
Iptanus Wordpress File Upload
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-42539CVE-2021-30359CVE-2021-34484CVE-2021-0483CVE-2021-38646CVE-2020-23041brute forcefirmwaremalicious code‎
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook