Vulmon
file upload manager vulnerabilities and exploits
5.4
CVSSv3
CVE-2019-6513
An issue exists in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one.
Wso2 Api Manager 2.6.0
6.5
CVSSv3
CVE-2021-20796
Directory traversal vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated malicious user to upload an arbitrary file via unspecified vectors.
Cybozu Remote Service Manager 3.1.8
NA
CVE-2008-7062
Unrestricted file upload vulnerability in admin/index.php in Download Manager module 1.0 for LoveCMS 1.6.2 Final allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads...
Lovecms Lovecms 1.6.2
1 EDB exploit
8.8
CVSSv3
CVE-2021-4225
The SP Project & Document Manager WordPress plugin prior to 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file exte...
Smartypantsplugins Sp Project & Document Manager
8.8
CVSSv3
CVE-2023-38404
The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) prior to 8.0.0.410 allows an authenticated malicious user to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote...
Veritas Infoscale Operations Manager
6.1
CVSSv3
CVE-2018-5307
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x prior to 2.14.6 allow remote malicious users to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDeta...
Sonatype Nexus Repository Manager
6.1
CVSSv3
CVE-2018-5306
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x prior to 3.8 allow remote malicious users to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/...
Sonatype Nexus Repository Manager
NA
CVE-2009-4189
HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote malicious users to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servle...
Hp Operations Manager
1 EDB exploit
8.8
CVSSv3
CVE-2023-47706
IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. IBM X-Force ID: 271341.
Ibm Security Guardium Key Lifecycle Manager
9.8
CVSSv3
CVE-2023-52221
Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager. This issue affects Barcode Scanner and Inventory manager: from n/a up to and including 1.5.1.
Ukrsolution Barcode Scanner And Inventory Manager