Vulmon
file upload vulnerabilities and exploits
NA
CVE-2008-2510
SQL injection vulnerability in wp-uploadfile.php in the Upload File plugin for WordPress allows remote malicious users to execute arbitrary SQL commands via the f_id parameter.
Wordpress Upload File Plugin
1 EDB exploit
6.1
CVSSv3
CVE-2021-23439
This affects the package file-upload-with-preview prior to 4.2.0. A file containing malicious JavaScript code in the name can be uploaded (a user needs to be tricked into uploading such a file).
Johndatserakis File-upload-with-preview
4.8
CVSSv3
CVE-2023-2684
The File Renaming on Upload WordPress plugin prior to 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example i...
Wpfactory File Renaming On Upload
6.1
CVSSv3
CVE-2021-37504
A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows malicious users to execute arbitrary web scripts or HTML via a crafted file with a JavaScript payload in the file name.
Hayageek Jquery Upload File 4.0.11
NA
CVE-2006-6813
SQL injection vulnerability in detail.asp in Mxmania File Upload Manager (FUM) 1.0.6 and previous versions allows remote malicious users to execute arbitrary SQL commands via the ID parameter.
Mxmania Mxmania File Upload Manager
1 EDB exploit
NA
CVE-2005-1957
mtnpeak.net File Upload Manager does not properly check user authentication for certain actions, which allows remote malicious users to provide a modified base64-encoded file parameter and (1) read arbitrary files via the "view" action or (2) delete arbitrary files via ...
Adam Mmedici File Upload Manager
NA
CVE-2007-2563
Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ActiveX control (UFileUploaderD.dll) allows remote malicious users to execute arbitrary code via a long argument.
Versalsoft Http File Upload Activex Control
2 EDB exploits
NA
CVE-2006-5617
Directory traversal vulnerability in index.php in Thepeak File Upload Manager 1.3 allows remote malicious users to read or download arbitrary files via a base64-encoded file path containing a .. (dot dot) sequence in the file parameter.
Thepeak Thepeak File Upload Manager 1.3
NA
CVE-2008-6638
Insecure method vulnerability in the Versalsoft HTTP Image Uploader ActiveX control (UUploaderSvrD.dll 6.0.0.35) allows remote malicious users to delete arbitrary files via the RemoveFileOrDir method.
Versalsoft Http File Upload Activex Control 6.0.0.35
NA
CVE-2008-5283
Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote malicious users to delete uploaded files via unknown vectors related to the delall action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informati...
Ghh Google Hack Honeypot File Upload Manager 1.3
1 EDB exploit