Total
2451 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-1713 | 1 Vtiger | 1 Vtiger Crm | 2024-02-28 | 8.5 HIGH | 7.3 HIGH |
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000. | |||||
CVE-2017-9101 | 1 Playsms | 1 Playsms | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file. | |||||
CVE-2017-7281 | 1 Unitrends | 1 Enterprise Backup | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows for an authenticated user to create a randomly named file on disk with a user-controlled extension, contents, and path, leading to remote code execution, aka Unrestricted File Upload. | |||||
CVE-2016-6124 | 1 Ibm | 1 Kenexa Lms On Cloud | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||||
CVE-2017-9069 | 1 Modx | 1 Modx Revolution | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess. | |||||
CVE-2016-2914 | 1 Ibm | 1 Rational Publishing Engine | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specifying an unexpected file extension. | |||||
CVE-2016-7095 | 1 Exponentcms | 1 Exponent Cms | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution. | |||||
CVE-2015-1000000 | 1 Mailcwp Project | 1 Mailcwp | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
Remote file upload vulnerability in mailcwp v1.99 wordpress plugin | |||||
CVE-2015-1000001 | 1 Fast-image-adder Project | 1 Fast-image-adder | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin | |||||
CVE-2015-1000013 | 1 Csv2wpec-coupon Project | 1 Csv2wpec-coupon | 2024-02-28 | 5.0 MEDIUM | 7.8 HIGH |
Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1 | |||||
CVE-2016-9187 | 1 Moodle | 1 Moodle | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. | |||||
CVE-2016-9186 | 1 Moodle | 1 Moodle | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. | |||||
CVE-2016-7452 | 1 Exponentcms | 1 Exponent Cms | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal. | |||||
CVE-2016-5050 | 1 Readydesk | 1 Readydesk | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary code by uploading and requesting a .aspx file. | |||||
CVE-2015-4524 | 1 Emc | 5 Documentum Administrator, Documentum Digital Asset Manager, Documentum Taskspace and 2 more | 2024-02-28 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server. | |||||
CVE-2024-1932 | 2024-02-28 | N/A | 6.1 MEDIUM | ||
Unrestricted Upload of File with Dangerous Type in freescout-helpdesk/freescout | |||||
CVE-2015-0702 | 1 Cisco | 1 Unified Meetingplace | 2024-02-28 | 9.0 HIGH | N/A |
Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712. | |||||
CVE-2006-6994 | 1 Indirmax.org | 1 Ozzywork Galeri | 2024-02-28 | 6.4 MEDIUM | N/A |
Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, possibly 2.0 and earlier, allows remote attackers to upload and execute arbitrary ASP files by removing the client-side security checks. | |||||
CVE-2006-5845 | 1 Speedywiki | 1 Speedywiki | 2024-02-28 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 allows remote authenticated users to upload and execute arbitrary PHP code by setting the upload parameter to 1. | |||||
CVE-2005-3288 | 1 Rockliffe | 1 Mailsite Express | 2024-02-28 | 5.0 MEDIUM | N/A |
Mailsite Express allows remote attackers to upload and execute files with executable extensions such as ASP by attaching the file using the "compose page" feature, then accessing the file from the cache directory before saving or sending the message. |