Lucene search
K

6 matches found

Nuclei
Nuclei
added 3 hours ago97 views

Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion

In avataruploader v7.x-1.0-beta8 the view.php program doesn't restrict file paths, allowing unauthenticated users to retrieve arbitrary files. id: CVE-2018-9205 info: name: Drupal avataruploader v7.x-1.0-beta8 - Local File Inclusion author: daffainfo severity: high description: In avataruploader...

7.5CVSS7.2AI score0.56924EPSS
Exploits6References5
Circl
Circl
added 2024/12/23 12:0 a.m.9 views

CVE-2018-9205

creationtimestamp| type| source ---|---|--- 2024-12-23 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2024-12-23 2025-02-02 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-02-02 2025-04-12 00:00:00+00:00| seen| The Shadowserver...

7.5CVSS7.1AI score0.56924EPSS
In wildExploits6References3
Exploit DB
Exploit DB
added 2018/04/23 12:0 a.m.48 views

Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure

Title: Drupal avataruploader v7.x-1.0-beta8 - Arbitrary File Disclosure Author: Larry W. Cashdollar Date: 2018-03-30 CVE-ID: CVE-2018-9205 Download Site: https://www.drupal.org/project/avataruploader Vendor: https://www.drupal.org/u/robbinzhao Vendor Notified: 2018-04-02 Vendor Contact:...

7.5CVSS7.6AI score0.56924EPSS
Exploits6
Packet Storm
Packet Storm
added 2018/04/21 12:0 a.m.89 views

Drupal Avatar Uploader 7.x-1.0-beta8 Arbitary File Download

Title: Arbitrary file download vulnerability in Drupal module avataruploader v7.x-1.0-beta8 Author: Larry W. Cashdollar Date: 2018-03-30 CVE-ID:CVE-2018-9205 Download Site: https://www.drupal.org/project/avataruploader Vendor: https://www.drupal.org/u/robbinzhao Vendor Notified: 2018-04-02 Vendor...

7.6AI score0.56924EPSS
Exploits6
OSV
OSV
added 2018/04/04 3:29 p.m.5 views

CVE-2018-9205

Vulnerability in avataruploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path...

7.5CVSS5.8AI score0.56924EPSS
Exploits6References4
CVE
CVE
added 2018/04/04 3:0 p.m.82 views

CVE-2018-9205

Drupal avatar_uploader v7.x-1.0-beta8 is vulnerable to Local/Arbitrary File Disclosure because view.php does not restrict file paths or verify user permissions, allowing unauthenticated retrieval of arbitrary files from the server (e.g., via uploadDir). The issue is a path traversal style flaw in...

7.5CVSS7.4AI score0.56924EPSS
In wildExploits6References4Affected Software1
Rows per page
Query Builder