Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
swfupload vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2013-4144
There is an object injection vulnerability in swfupload plugin for wordpress.
Swfupload Project Swfupload 3.5.2
436
VMScore
CVE-2012-3414
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and previous versions, as used in WordPress prior to 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote malicious users to inject arbitrary web script or HTML via the movieName paramet...
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.1.3
Swfupload Project Swfupload 1.0.2
Swfupload Project Swfupload 2.0.2
Wordpress Wordpress 3.0.3
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.2
Swfupload Project Swfupload 2.1.0
Wordpress Wordpress 3.0.5
Wordpress Wordpress 3.0.6
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.3
Swfupload Project Swfupload 2.2.0
Swfupload Project Swfupload
Wordpress Wordpress -
Wordpress Wordpress 3.0
Wordpress Wordpress 3.1
Wordpress Wordpress 3.1.1
Wordpress Wordpress
1 EDB exploit
2 Github repositories
1 Article
655
VMScore
CVE-2011-2745
upload_handler.php in the swfupload extension in Chyrp 2.0 and previous versions relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users to upload a .php file, and consequently execute arbitrary PHP code, vi...
Chyrp Chyrp
1 EDB exploit
668
VMScore
CVE-2017-16920
v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY value and does not require key regeneration for each installation, which allows remote malicious users to upload arbitrary .php files via a member api swfupload action to index.php.
Finecms Finecms 5.2.0
755
VMScore
CVE-2007-5307
ELSEIF CMS Beta 0.6 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote malicious users to execute arbitrary PHP code by uploading a .php file via externe/swfuplo...
Yannick Tanguy Else If Cms 0.6-beta
1 EDB exploit
384
VMScore
CVE-2013-2205
The default configuration of SWFUpload in WordPress prior to 3.5.2 has an unrestrictive security.allowDomain setting, which allows remote malicious users to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site.
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.3
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.6.3
Wordpress Wordpress 2.3.2
Wordpress Wordpress 2.0.1
Wordpress Wordpress 3.3.2
Wordpress Wordpress 2.5.1
Wordpress Wordpress 2.0.9
Wordpress Wordpress 2.2
Wordpress Wordpress 2.6
Wordpress Wordpress 2.3.1
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.9
Wordpress Wordpress 2.9.1
Wordpress Wordpress 2.8.5.1
Wordpress Wordpress 2.8.1
Wordpress Wordpress 1.6.2
Wordpress Wordpress 1.5.2
2 Github repositories
891
VMScore
CVE-2012-2399
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and previous versions, as used in WordPress prior to 3.5.2, TinyMCE Image Manager 1.1 and previous versions, and other products allows remote malicious users to inject arbitrary web script or HTML via ...
Wordpress Wordpress 2.8
Wordpress Wordpress 2.0.9
Wordpress Wordpress 2.0
Wordpress Wordpress 2.3.2
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.8.5
Wordpress Wordpress 2.8.1
Wordpress Wordpress 3.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 3.0
Wordpress Wordpress 1.5
Wordpress Wordpress 1.2
Wordpress Wordpress 2.9.1
Wordpress Wordpress 1.0
Wordpress Wordpress 1.2.3
Wordpress Wordpress 1.2.4
Wordpress Wordpress 3.0.4
Wordpress Wordpress 2.8.5.1
Wordpress Wordpress 2.6.2
Wordpress Wordpress 2.0.8
Wordpress Wordpress 1.5.1.3
2 Github repositories
680
VMScore
CVE-2013-0235
The XMLRPC API in WordPress prior to 3.5.1 allows remote malicious users to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue.
Wordpress Wordpress 2.6.2
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.3
Wordpress Wordpress 2.2.2
Wordpress Wordpress 2.3.2
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.10
Wordpress Wordpress 2.6.5
Wordpress Wordpress 2.5
Wordpress Wordpress 2.8.3
Wordpress Wordpress 2.7.1
Wordpress Wordpress 2.8.5
Wordpress Wordpress 1.5.1
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.0.2
Wordpress Wordpress
Wordpress Wordpress 3.3.2
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.0.8
Wordpress Wordpress 2.0.9
383
VMScore
CVE-2013-2199
The HTTP API in WordPress prior to 3.5.2 allows remote malicious users to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery (SSRF) issue, a similar vulnerability to CVE-2013-0235.
Wordpress Wordpress 3.3.3
Wordpress Wordpress 3.3.2
Wordpress Wordpress 2.0.8
Wordpress Wordpress 2.8
Wordpress Wordpress 2.6.1
Wordpress Wordpress 2.6
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.9.2
Wordpress Wordpress 2.7
Wordpress Wordpress 2.9.1.1
Wordpress Wordpress 2.8.5.1
Wordpress Wordpress 3.4.1
Wordpress Wordpress 3.4.0
Wordpress Wordpress 2.6.2
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.2.1
Wordpress Wordpress 2.3.3
Wordpress Wordpress 2.2.2
Wordpress Wordpress 2.3.2
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.1
356
VMScore
CVE-2013-2200
WordPress prior to 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspecified vectors.
Wordpress Wordpress 3.3.2
Wordpress Wordpress 2.5.1
Wordpress Wordpress 2.0.9
Wordpress Wordpress 2.2
Wordpress Wordpress 2.6
Wordpress Wordpress 2.3.1
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.9
Wordpress Wordpress 2.9.1
Wordpress Wordpress 2.8.5.1
Wordpress Wordpress 2.8.1
Wordpress Wordpress 1.6.2
Wordpress Wordpress 1.5.2
Wordpress Wordpress 1.0.1
Wordpress Wordpress 1.2.5
Wordpress Wordpress 1.3.2
Wordpress Wordpress 0.71
Wordpress Wordpress 3.3.1
Wordpress Wordpress 3.3.3
Wordpress Wordpress 2.3
Wordpress Wordpress 2.0.8
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »