Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file inclusion vulnerabilities and exploits
(subscribe to this query)
1000
VMScore
CVE-2020-16152
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine up to and including 10.0r8a allows malicious users to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to ...
Extremenetworks Aerohive Netconfig
Extremenetworks Aerohive Netconfig 10.0r8a
1 Metasploit module
2 Github repositories
1000
VMScore
CVE-2020-5902
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Ssl Orchestrator
1 Metasploit module
90 Github repositories
6 Articles
1000
VMScore
CVE-2015-8352
Directory traversal vulnerability in Zen Cart 1.5.4 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.
Zen-cart Zen Cart 1.5.4
1 EDB exploit
1000
VMScore
CVE-2010-5286
Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote malicious users to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
Joobi Com Jstore -
1 EDB exploit
1000
VMScore
CVE-2012-2953
The management console in Symantec Web Gateway 5.0.x prior to 5.0.3.18 allows remote malicious users to execute arbitrary commands via crafted input to application scripts.
Symantec Web Gateway 5.0.1
Symantec Web Gateway 5.0
Symantec Web Gateway 5.0.2
Symantec Web Gateway 5.0.3
2 EDB exploits
1000
VMScore
CVE-2012-0297
The management GUI in Symantec Web Gateway 5.0.x prior to 5.0.3 does not properly restrict access to application scripts, which allows remote malicious users to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
Symantec Web Gateway 5.0.1
Symantec Web Gateway 5.0
Symantec Web Gateway 5.0.2
4 EDB exploits
1000
VMScore
CVE-2010-4931
Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party
Php-fusion Php-fusion -
1 EDB exploit
1000
VMScore
CVE-2010-4279
The default configuration of Pandora FMS 3.1 and previous versions specifies an empty string for the loginhash_pwd field, which allows remote malicious users to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in conj...
Artica Pandora Fms 3.1
Artica Pandora Fms 3.0
Artica Pandora Fms 2.0
Artica Pandora Fms 2.1.1
Artica Pandora Fms 1.3.1
Artica Pandora Fms 1.3
Artica Pandora Fms 2.1
Artica Pandora Fms 1.2
Artica Pandora Fms
2 EDB exploits
1000
VMScore
CVE-2008-6834
Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 and 3.01a allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in (1) the s parameter to code/commupdate.php in a count action or (2) the heads parameter to code/newsheads...
Fuzzylime Fuzzylime \\(cms\\) 3.0.1
Fuzzylime Fuzzylime \\(cms\\) 3.0.1a
1 EDB exploit
1000
VMScore
CVE-2008-6604
Directory traversal vulnerability in index.php in PicoFlat CMS 0.5.9 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the pagina parameter, a different vulnerability than CVE-2007-5390.
Picoflat Picoflat Cms 0.5.9
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »