Vulnerabilities (CVE)

Filtered by CWE-434
Total 2604 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-6580 1 Janguo 1 Jimtawl 2024-02-28 7.5 HIGH 9.8 CRITICAL
Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&task=upload&pop=true&tmpl=component request.
CVE-2018-1215 1 Dell 4 Emc Solutions Enabler Virtual Appliance, Emc Unisphere For Vmax Virtual Appliance, Emc Vasa Virtual Appliance and 1 more 2024-02-28 9.0 HIGH 8.8 HIGH
An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). A remote authenticated malicious user may potentially upload arbitrary maliciously crafted files in any location on the web server. By chaining this vulnerability with CVE-2018-1216, the attacker may use the default account to exploit this vulnerability.
CVE-2018-13021 1 Hongcms Project 1 Hongcms 2024-02-28 9.0 HIGH 7.2 HIGH
An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI.
CVE-2017-15549 1 Emc 3 Avamar Server, Integrated Data Protection Appliance, Networker 2024-02-28 9.0 HIGH 8.8 HIGH
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.
CVE-2017-2699 1 Huawei 6 Honor 7, Honor 7 Firmware, Lyo-l21 and 3 more 2024-02-28 6.8 MEDIUM 7.8 HIGH
The Huawei Themes APP in versions earlier than PLK-UL00C17B385, versions earlier than CRR-L09C432B380, versions earlier than LYO-L21C577B128 has a privilege elevation vulnerability. An attacker could exploit this vulnerability to upload theme packs containing malicious files and trick users into installing the theme packets, resulting in the execution of arbitrary code.
CVE-2017-14399 1 Blackcat-cms 1 Blackcat Cms 2024-02-28 6.5 MEDIUM 8.8 HIGH
In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php.
CVE-2017-1002000 1 Mobile-friendly-app-builder-by-easytouch Project 1 Mobile-friendly-app-builder-by-easytouch 2024-02-28 7.5 HIGH 9.8 CRITICAL
Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content.
CVE-2017-11326 1 Tilde Cms Project 1 Tilde Cms 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass the implemented restrictions on arbitrary file upload via a filename.+php manipulation.
CVE-2017-9650 2 Automatedlogic, Carrier 3 I-vu, Sitescan Web, Automatedlogic Webctrl 2024-02-28 4.6 MEDIUM 7.8 HIGH
An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to upload a malicious file allowing the execution of arbitrary code.
CVE-2017-9840 1 Dolibarr 1 Dolibarr 2024-02-28 6.5 MEDIUM 8.8 HIGH
Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application.
CVE-2017-15673 1 Cs-cart 1 Cs-cart 2024-02-28 9.0 HIGH 7.2 HIGH
The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page.
CVE-2017-17987 1 Muslim Matrimonial Script Project 1 Muslim Matrimonial Script 2024-02-28 6.5 MEDIUM 7.2 HIGH
PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php.
CVE-2017-12929 1 Tecnovision 1 Dlx Spot Player4 2024-02-28 6.5 MEDIUM 8.8 HIGH
Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution.
CVE-2017-1002003 1 Wp2android-turn-wp-site-into-android-app Project 1 Wp2android-turn-wp-site-into-android-app 2024-02-28 7.5 HIGH 9.8 CRITICAL
Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android-app v1.1.4, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
CVE-2017-15957 1 Ingenious School Management System Project 1 Ingenious School Management System 2024-02-28 6.5 MEDIUM 8.8 HIGH
my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file.
CVE-2017-6041 1 Marel 44 A320, A320 Firmware, A325 and 41 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. This vulnerability allows an attacker to modify the operation and upload firmware changes without detection.
CVE-2017-17593 1 Simple Chatting System Project 1 Simple Chatting System 2024-02-28 5.0 MEDIUM 7.5 HIGH
Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/.
CVE-2016-0354 1 Ibm 1 Sametime 2024-02-28 6.0 MEDIUM 5.5 MEDIUM
IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which could be executed with user privileges. IBM X-Force ID: 111893.
CVE-2015-7571 1 Yeager 1 Yeager Cms 2024-02-28 6.8 MEDIUM 7.8 HIGH
Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
CVE-2017-1000119 1 Octobercms 1 October 2024-02-28 6.5 MEDIUM 7.2 HIGH
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.