Vulnerabilities (CVE)

Filtered by CWE-434
Total 2604 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-15580 1 Osticket 1 Osticket 2024-02-28 7.5 HIGH 9.8 CRITICAL
osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content.
CVE-2014-2664 1 X2engine 1 X2crm 2024-02-28 6.5 MEDIUM 8.8 HIGH
Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
CVE-2014-9619 1 Netsweeper 1 Netsweeper 2024-02-28 6.5 MEDIUM 7.2 HIGH
Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file with a double extension, then accessing it via a direct request to the file in webadmin/deny/images/, as demonstrated by secuid0.php.gif.
CVE-2017-15054 1 Teampass 1 Teampass 2024-02-28 6.5 MEDIUM 7.5 HIGH
An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. To exploit this vulnerability, an authenticated attacker has to tamper with parameters of a request to upload.files.php, in order to select the correct branch and be able to upload any arbitrary file. From there, it can simply access the file to execute code on the server.
CVE-2015-4462 1 Efrontlearning 1 Efront 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file from url" field in the file manager for professor.php.
CVE-2017-1000081 1 Onosproject 1 Onos 2024-02-28 7.5 HIGH 9.8 CRITICAL
Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution.
CVE-2017-16524 2 Hanwhasecurity, Samsung 2 Web Viewer, Srn-1670d 2024-02-28 6.5 MEDIUM 8.8 HIGH
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing Local File Read Vulnerability referenced as CVE-2015-8279, which allows remote attackers to read the web-interface credentials via a request for the cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.
CVE-2017-11405 1 Cmsmadesimple 1 Cms Made Simple 2024-02-28 4.0 MEDIUM 4.9 MEDIUM
In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file.
CVE-2017-10940 1 Joyent 1 Triton Datacenter 2024-02-28 9.0 HIGH 8.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the docker API. The process does not properly validate user-supplied data which can allow for the upload of arbitrary files. An attacker can leverage this vulnerability to execute arbitrary code under the context of root. Was ZDI-CAN-3853.
CVE-2015-9228 1 Imagely 1 Nextgen Gallery 2024-02-28 9.0 HIGH 8.8 HIGH
In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.
CVE-2017-14050 1 Blackcat-cms 1 Blackcat Cms 2024-02-28 6.5 MEDIUM 8.8 HIGH
In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file.
CVE-2017-14704 1 Claydip 1 Airbnb Clone 2024-02-28 6.5 MEDIUM 8.8 HIGH
Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile.
CVE-2017-15962 1 Istock Management System Project 1 Istock Management System 2024-02-28 7.5 HIGH 9.8 CRITICAL
iStock Management System 1.0 allows Arbitrary File Upload via user/profile.
CVE-2017-1000194 1 Octobercms 1 October 2024-02-28 7.5 HIGH 9.8 CRITICAL
October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server.
CVE-2014-4972 1 Ajax Upload For Gravity Forms Project 1 Ajax Upload For Gravity Forms 2024-02-28 7.5 HIGH 9.8 CRITICAL
Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under wp-content/uploads/gravity_forms.
CVE-2017-11466 1 Dotcms 1 Dotcms 2024-02-28 9.0 HIGH 7.2 HIGH
Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_upload. This results in arbitrary code execution by requesting the .jsp file at a /assets URI.
CVE-2014-9312 1 10web 1 Photo Gallery 2024-02-28 6.5 MEDIUM 8.8 HIGH
Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.
CVE-2015-8249 1 Manageengine 1 Desktop Central 2024-02-28 10.0 HIGH 9.8 CRITICAL
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.
CVE-2017-11404 1 Cmsmadesimple 1 Cms Made Simple 2024-02-28 4.0 MEDIUM 4.9 MEDIUM
In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php.
CVE-2017-14841 1 Dasinfomedia 1 Annual Maintenance Contract Management System 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling.