Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file project vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2014-9621
The ELF parser in file 5.16 up to and including 5.21 allows remote malicious users to cause a denial of service via a long string.
File Project File 5.20
File Project File 5.21
File Project File 5.16
File Project File 5.17
File Project File 5.18
File Project File 5.19
312
VMScore
CVE-2019-5458
Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser.
Http-file-server Project Http-file-server 0.1.0
Http-file-server Project Http-file-server 0.2.0
Http-file-server Project Http-file-server 0.2.1
Http-file-server Project Http-file-server 0.2.2
Http-file-server Project Http-file-server 0.2.3
Http-file-server Project Http-file-server 0.2.4
Http-file-server Project Http-file-server 0.2.5
Http-file-server Project Http-file-server 0.2.6
445
VMScore
CVE-2018-3724
general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path.
General-file-server Project General-file-server 1.1.6
General-file-server Project General-file-server 1.1.4
General-file-server Project General-file-server 1.1.2
General-file-server Project General-file-server 1.0.0
General-file-server Project General-file-server 1.1.8
General-file-server Project General-file-server 1.1.7
General-file-server Project General-file-server 1.1.5
General-file-server Project General-file-server 1.1.3
605
VMScore
CVE-2018-17095
An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.
Audio File Library Project Audio File Library 0.3.0
Audio File Library Project Audio File Library 0.3.1
Audio File Library Project Audio File Library 0.3.2
Audio File Library Project Audio File Library 0.3.3
Audio File Library Project Audio File Library 0.3.4
Audio File Library Project Audio File Library 0.3.5
Audio File Library Project Audio File Library 0.3.6
Canonical Ubuntu Linux 14.04
383
VMScore
CVE-2014-8765
Multiple cross-site scripting (XSS) vulnerabilities in the Project Issue File Review module (PIFR) module 6.x-2.x prior to 6.x-2.17 for Drupal allow (1) remote malicious users to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the pat...
Drupal Project Issue File Review 6.x-2.15
Drupal Project Issue File Review 6.x-2.14
Drupal Project Issue File Review 6.x-2.12
Drupal Project Issue File Review 6.x-2.08
Drupal Project Issue File Review 6.x-2.07
Drupal Project Issue File Review 6.x-2.00
Drupal Project Issue File Review 6.x-2.05
Drupal Project Issue File Review 6.x-2.04
Drupal Project Issue File Review 6.x-2.03
Drupal Project Issue File Review 6.x-2.02
Drupal Project Issue File Review
Drupal Project Issue File Review 6.x-2.10
Drupal Project Issue File Review 6.x-2.13
Drupal Project Issue File Review 6.x-2.06
Drupal Project Issue File Review 6.x-2.01
187
VMScore
CVE-2017-1000249
An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Au...
File Project File 5.29
605
VMScore
CVE-2015-4379
Cross-site request forgery (CSRF) vulnerability in the Webform Multiple File Upload module 6.x-1.x prior to 6.x-1.3 and 7.x-1.x prior to 7.x-1.3 for Drupal allows remote malicious users to hijack the authentication of certain users for requests that delete files via unspecified v...
Webform Multiple File Upload Project Webform Multiple File Upload 6.x-1.1
Webform Multiple File Upload Project Webform Multiple File Upload 6.x-1.2
Webform Multiple File Upload Project Webform Multiple File Upload 7.x-1.x
Webform Multiple File Upload Project Webform Multiple File Upload 7.x-1.2
Webform Multiple File Upload Project Webform Multiple File Upload 6.x-1.0
445
VMScore
CVE-2020-15779
A Path Traversal issue exists in the socket.io-file package up to and including 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path.
Socket.io-file Project Socket.io-file
NA
CVE-2023-0431
The File Away WordPress plugin up to and including 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
File Away Project File Away
NA
CVE-2022-36313
An issue exists in the file-type package prior to 16.5.4 and 17.x prior to 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attack.
File-type Project File-type
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »