Total: 2604 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2017-15580 | 1 Osticket | 1 Osticket | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content.
CVE-2014-2664 | 1 X2engine | 1 X2crm | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH | Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
CVE-2014-9619 | 1 Netsweeper | 1 Netsweeper | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH | Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file with a double extension, then accessing it via a direct request to the file in webadmin/deny/images/, as demonstrated by secuid0.php.gif.
CVE-2017-15054 | 1 Teampass | 1 Teampass | 2024-02-28 | 6.5 MEDIUM | 7.5 HIGH | An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. To exploit this vulnerability, an authenticated attacker has to tamper with parameters of a request to upload.files.php, in order to select the correct branch and be able to upload any arbitrary file. From there, it can simply access the file to execute code on the server.
CVE-2015-4462 | 1 Efrontlearning | 1 Efront | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM | Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file from url" field in the file manager for professor.php.
CVE-2017-1000081 | 1 Onosproject | 1 Onos | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | Linux Foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution.
CVE-2017-16524 | 2 Hanwhasecurity, Samsung | 2 Web Viewer, Srn-1670d | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH | Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing Local File Read Vulnerability referenced as CVE-2015-8279, which allows remote attackers to read the web-interface credentials via a request for the cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.
CVE-2017-11405 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM | In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file.
CVE-2017-10940 | 1 Joyent | 1 Triton Datacenter | 2024-02-28 | 9.0 HIGH | 8.8 HIGH | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the docker API. The process does not properly validate user-supplied data, which can allow for the upload of arbitrary files. An attacker can leverage this vulnerability to execute arbitrary code under the context of root. Was ZDI-CAN-3853.
CVE-2015-9228 | 1 Imagely | 1 Nextgen Gallery | 2024-02-28 | 9.0 HIGH | 8.8 HIGH | In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.
CVE-2017-14050 | 1 Blackcat-cms | 1 Blackcat Cms | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH | In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file.
CVE-2017-14704 | 1 Claydip | 1 Airbnb Clone | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH | Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile.
CVE-2017-15962 | 1 Istock Management System Project | 1 Istock Management System | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | iStock Management System 1.0 allows Arbitrary File Upload via user/profile.
CVE-2017-1000194 | 1 Octobercms | 1 October | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality, resulting in site compromise and possibly compromise of other applications on the server.
CVE-2014-4972 | 1 Ajax Upload For Gravity Forms Project | 1 Ajax Upload For Gravity Forms | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under wp-content/uploads/gravity_forms.
CVE-2017-11466 | 1 Dotcms | 1 Dotcms | 2024-02-28 | 9.0 HIGH | 7.2 HIGH | Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_upload. This results in arbitrary code execution by requesting the .jsp file at a /assets URI.
CVE-2014-9312 | 1 10web | 1 Photo Gallery | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH | Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.
CVE-2015-8249 | 1 Manageengine | 1 Desktop Central | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL | The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.
CVE-2017-11404 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM | In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php.
CVE-2017-14841 | 1 Dasinfomedia | 1 Annual Maintenance Contract Management System | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM | Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling.