Vulmon
arbitrary vulnerabilities and exploits
9.8
CVSSv3
CVE-2017-1002008
Vulnerability in the WordPress plugin membership-simplified-for-oap-members-only v1.58: the file download code located in membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.
Membership Simplified Project Membership Simplified 1.58
1 EDB exploit
9.8
CVSSv3
CVE-2016-4010
Magento CE and EE prior to 2.0.6 allows remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.
Magento Magento
1 EDB exploit
3 Github repositories
1 Article
NA
CVE-2005-3927
Multiple directory traversal vulnerabilities in GuppY 4.5.9 and previous versions allow remote malicious users to read and include arbitrary files via (1) the meskin parameter to admin/editorTypetool.php, or the lng parameter to the admin/inc scripts (2) archbatch.php, (3) dbb...
Guppy Guppy 4.5.3a
Guppy Guppy 4.5.4
Guppy Guppy 4.5.9
Guppy Guppy 4.5
Guppy Guppy 4.5.3
4 EDB exploits
NA
CVE-2001-0653
Sendmail 8.10.0 up to and including 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number.
Sendmail Sendmail 8.12
Sendmail Sendmail 8.11.0
Sendmail Sendmail 8.11.1
Sendmail Sendmail 8.11.2
Sendmail Sendmail 8.11.3
Sendmail Sendmail 8.11.4
Sendmail Sendmail 8.11.5
4 EDB exploits
8.8
CVSSv3
CVE-2015-6567
Wolf CMS prior to 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exploitation requires a registered user who has access to upload functio...
Wolfcms Wolf Cms
2 EDB exploits
7.8
CVSSv3
CVE-2019-13623
In NSA Ghidra prior to 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its filename. This allows malicious users to overwrite arbitrary files in scenarios where a...
Nsa Ghidra
1 EDB exploit
8.8
CVSSv3
CVE-2015-6568
Wolf CMS prior to 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploadi...
Wolfcms Wolf Cms
2 EDB exploits
NA
CVE-2015-6923
The ndvbs module in VBox Communications Satellite Express Protocol 2.3.17.3 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x00000ffd ioctl call.
Vboxcomm Satellite Express Protocol 2.3.17.3
1 EDB exploit
NA
CVE-2011-2745
upload_handler.php in the swfupload extension in Chyrp 2.0 and previous versions relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users to upload a .php file, and consequently execute arbitrary PHP code, vi...
Chyrp Chyrp
1 EDB exploit
7.5
CVSSv3
CVE-2017-5630
PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.
Php Pear 1.10.1
1 EDB exploit