Vulmon
file upload vulnerabilities and exploits
3.5
CVSSv2
CVE-2018-9172
The Iptanus WordPress File Upload plugin prior to 4.3.3 for WordPress mishandles shortcode attributes.
Iptanus Wordpress File Upload
1 EDB exploit
4.3
CVSSv2
CVE-2021-37504
A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows malicious users to execute arbitrary web scripts or HTML via a crafted file with a JavaScript payload in the file name.
Hayageek Jquery Upload File 4.0.11
4.3
CVSSv2
CVE-2021-23439
This affects the package file-upload-with-preview prior to 4.2.0. A file containing malicious JavaScript code in the name can be uploaded (a user needs to be tricked into uploading such a file).
Johndatserakis File-upload-with-preview
NA
CVE-2023-2684
The File Renaming on Upload WordPress plugin prior to 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example i...
Wpfactory File Renaming On Upload
7.5
CVSSv2
CVE-2005-1957
mtnpeak.net File Upload Manager does not properly check user authentication for certain actions, which allows remote malicious users to provide a modified base64-encoded file parameter and (1) read arbitrary files via the "view" action or (2) delete arbitrary files via ...
Adam Mmedici File Upload Manager
7.5
CVSSv2
CVE-2006-6813
SQL injection vulnerability in detail.asp in Mxmania File Upload Manager (FUM) 1.0.6 and previous versions allows remote malicious users to execute arbitrary SQL commands via the ID parameter.
Mxmania Mxmania File Upload Manager
1 EDB exploit
7.5
CVSSv2
CVE-2006-5617
Directory traversal vulnerability in index.php in Thepeak File Upload Manager 1.3 allows remote malicious users to read or download arbitrary files via a base64-encoded file path containing a .. (dot dot) sequence in the file parameter.
Thepeak Thepeak File Upload Manager 1.3
9.3
CVSSv2
CVE-2007-2563
Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ActiveX control (UFileUploaderD.dll) allows remote malicious users to execute arbitrary code via a long argument.
Versalsoft Http File Upload Activex Control
2 EDB exploits
8.8
CVSSv2
CVE-2008-6638
Insecure method vulnerability in the Versalsoft HTTP Image Uploader ActiveX control (UUploaderSvrD.dll 6.0.0.35) allows remote malicious users to delete arbitrary files via the RemoveFileOrDir method.
Versalsoft Http File Upload Activex Control 6.0.0.35
6.4
CVSSv2
CVE-2008-5283
Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote malicious users to delete uploaded files via unknown vectors related to the delall action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informati...
Ghh Google Hack Honeypot File Upload Manager 1.3
1 EDB exploit