Vulmon
file vulnerabilities and exploits
CVSSv3: 10
CVE-2018-1000651
Stroom version <5.4.5 contains an XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server-side request forgery, and port scanning. This attack appears to be exploitable via a specially crafted XML file.
Gchq Stroom
CVSSv3: 10
CVE-2018-1000652
JabRef version <=4.3.1 contains an XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server-side request forgery, and port scanning. This attack appears to be exploitable via a specially crafted M...
Jabref Jabref
CVSSv3: 10
CVE-2018-6968
The VMware AirWatch Agent for Android before 8.2 and AirWatch Agent for Windows Mobile before 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the Agent san...
Vmware Airwatch Agent
1 Article
CVSSv3: 10
CVE-2017-12815
Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and previous versions revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar Remote Support Portal deployment at https://domain/api/content/JavaSta...
Bomgar Remote Support -
CVSSv3: 10
CVE-2018-1000124
I Librarian I-librarian version 4.8 and previous versions contain an XML External Entity (XXE) vulnerability in line 154 of importmetadata.php (simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appears to be exploitable via p...
I-librarian I, Librarian
CVSSv3: 10
CVE-2017-8794
An issue exists on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern.
Accellion File Transfer Appliance
CVSSv3: 10
CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x prior to 2.3.32 and 2.5.x prior to 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote malicious users to execute arbitrary commands via a crafted Content-Typ...
Apache Struts 2.3.5
Apache Struts 2.3.28
Apache Struts 2.3.20.2
Apache Struts 2.3.15
Apache Struts 2.3.25
Apache Struts 2.3.14
Apache Struts 2.3.13
Apache Struts 2.3.16
Apache Struts 2.3.24.2
Apache Struts 2.3.17
Apache Struts 2.3.24.1
Apache Struts 2.3.22
Apache Struts 2.3.9
Apache Struts 2.3.16.3
Apache Struts 2.3.23
Apache Struts 2.3.6
Apache Struts 2.3.24.3
Apache Struts 2.3.15.2
Apache Struts 2.3.29
Apache Struts 2.3.14.3
Apache Struts 2.3.19
Apache Struts 2.3.20.1
2 EDB exploits
2 Nmap scripts
144 Github repositories
15 Articles
CVSSv3: 10
CVE-2016-8938
IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications.
Ibm Urbancode Deploy 6.0.1.11
Ibm Urbancode Deploy 6.0.1.12
Ibm Urbancode Deploy 6.0.1.13
Ibm Urbancode Deploy 6.0.1.14
Ibm Urbancode Deploy 6.1.1
Ibm Urbancode Deploy 6.1.1.1
Ibm Urbancode Deploy 6.1.1.2
Ibm Urbancode Deploy 6.1.1.3
Ibm Urbancode Deploy 6.2.1
Ibm Urbancode Deploy 6.2.1.1
Ibm Urbancode Deploy 6.2.2
Ibm Urbancode Deploy 6.2.2.1
Ibm Urbancode Deploy 6.0.1
Ibm Urbancode Deploy 6.0.1.10
Ibm Urbancode Deploy 6.0.1.2
Ibm Urbancode Deploy 6.0.1.4
Ibm Urbancode Deploy 6.0.1.6
Ibm Urbancode Deploy 6.1.0.1
Ibm Urbancode Deploy 6.1.0.3
Ibm Urbancode Deploy 6.1.1.5
Ibm Urbancode Deploy 6.1.1.7
Ibm Urbancode Deploy 6.2.0.0
CVSSv3: 10
CVE-2016-1505
The filesystem storage backend in Radicale prior to 1.1 on Windows allows remote malicious users to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.
Radicale Radicale
CVSSv3: 10
CVE-2015-8396
Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) prior to 2.6.2 allows malicious users to execute arbitrary code via crafted header dimensions in a DICOM image file, which trig...
Grassroots Dicom Project Grassroots Dicom
Grassroots Dicom Project Grassroots Dicom 2.6.1
1 EDB exploit