pluxml vulnerabilities and exploits

4.3
CVSSv2
CVE-2007-3542

Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter....

Pluxml
7.5
CVSSv2
CVE-2012-2227

Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_lang parameter....

Pluxml
7.5
CVSSv2
CVE-2007-3432

Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename....

Pluxml
3.5
CVSSv2
CVE-2017-1001001

PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges....

5
CVSSv2
CVE-2012-4674

PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID....

4.3
CVSSv2
CVE-2012-4675

Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to file update....

4.8
CVSSv2
CVE-2019-6447

The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once,...

EstrongsEs File Explorer File Manager
6.4
CVSSv2
CVE-2018-10933

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access....

LibsshNetappOncommand Workflow AutomationSnapcenterStorage Automation StoreOracleMysql WorkbenchCanonicalUbuntu LinuxDebianDebian LinuxRedhatEnterprise Linux