Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file upload vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2020-8503
Biscom Secure File Transfer (SFT) 5.0.1050 up to and including 5.1.1067 and 6.0.1000 up to and including 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004.
Biscom Secure File Transfer
5
CVSSv2
CVE-2002-0978
Microsoft File Transfer Manager (FTM) ActiveX control prior to 4.0 allows remote malicious users to upload or download arbitrary files to arbitrary locations via a man-in-the-middle attack with modified TGT and TGN parameters in a call to the "Persist" function.
Microsoft File Transfer Manager
NA
CVE-2023-2068
The File Manager Advanced Shortcode WordPress plugin up to and including 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst cas...
Advancedfilemanager File Manager Advanced Shortcode
NA
CVE-2022-3125
The Frontend File Manager Plugin WordPress plugin prior to 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE
Najeebmedia Frontend File Manager
6.5
CVSSv2
CVE-2020-35235
vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin up to and including 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulne...
Themexa Secure File Manager
6.5
CVSSv2
CVE-2013-2982
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to upload arbitrary files via unspecified vectors.
Ibm Sterling File Gateway 2.1
Ibm Sterling File Gateway 2.2
Ibm Sterling B2b Integrator 5.2
Ibm Sterling B2b Integrator 5.1
NA
CVE-2022-3126
The Frontend File Manager Plugin WordPress plugin prior to 21.4 does not have CSRF check when uploading files, which could allow malicious users to make logged in users upload files on their behalf
Najeebmedia Frontend File Manager Plugin
7.8
CVSSv2
CVE-2008-7110
Directory traversal vulnerability in the Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote malicious users to upload files to arbitrary locations via a .. (dot dot) in a request.
Kyoceramita Scanner File Utility 3.3.0.1
1 EDB exploit
6.4
CVSSv2
CVE-2008-7113
The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 uses a small space of predictable user identification numbers for access control, which allows remote malicious users to upload documents via a brute force attack.
Kyoceramita Scanner File Utility 3.3.0.1
3.5
CVSSv2
CVE-2017-5247
Biscom Secure File Transfer is vulnerable to cross-site scripting in the File Name field. An authenticated user with permissions to upload or send files can populate this field with a filename that contains standard HTML scripting tags. The resulting script will evaluated by any ...
Biscom Secure File Transfer -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »