Total
2604 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-4334 | 1 Labwiki Project | 1 Labwiki | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the userfile parameter. | |||||
CVE-2017-2737 | 1 Huawei | 2 Vcm5010, Vcm5010 Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
VCM5010 with software versions earlier than V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that are uploaded. An authenticated attacker could upload arbitrary files to the system. | |||||
CVE-2017-6090 | 1 Phpcollab | 1 Phpcollab | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/. | |||||
CVE-2018-5724 | 1 Barni | 2 Master Ip Camera01, Master Ip Camera01 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Download and Upload, as demonstrated by restore.cgi. | |||||
CVE-2017-14838 | 1 Teamworktec | 1 Job Links | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange. | |||||
CVE-2017-3108 | 1 Adobe | 1 Experience Manager | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability. | |||||
CVE-2017-1000238 | 1 Invoiceplane | 1 Invoiceplane | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
InvoicePlane version 1.4.10 is vulnerable to an Arbitrary File Upload, which allows an authenticated user to upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver. | |||||
CVE-2017-13156 | 1 Google | 1 Android | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847. | |||||
CVE-2015-2780 | 1 Berta | 1 Berta Cms | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | |||||
CVE-2017-14079 | 1 Trendmicro | 1 Mobile Security | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | |||||
CVE-2017-11756 | 1 Earcms | 1 Ear Music | 2024-02-28 | 6.0 MEDIUM | 7.0 HIGH |
In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=config_upload, and then using user.php/music/add/ to upload the code. | |||||
CVE-2015-4463 | 1 Efrontlearning | 1 Efront | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL. | |||||
CVE-2017-12332 | 1 Cisco | 2 Nx-os, Unified Computing System | 2024-02-28 | 4.9 MEDIUM | 4.4 MEDIUM |
A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installing a crafted patch image on an affected device. The vulnerable operation occurs prior to patch activation. An exploit could allow the attacker to write arbitrary files on an affected system as root. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf16513, CSCvf23794, CSCvf23832. | |||||
CVE-2017-1002001 | 1 Mobile-app-builder-by-wappress Project | 1 Mobile-app-builder-by-wappress | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in WordPress plugin mobile-app-builder-by-wappress v1.05: the plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. | |||||
CVE-2017-9364 | 1 Bigtreecms | 1 Bigtree Cms | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code. | |||||
CVE-2017-9380 | 1 Open-emr | 1 Openemr | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application. | |||||
CVE-2017-11154 | 1 Synology | 1 Photo Station | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter. | |||||
CVE-2017-14346 | 1 Blog Project | 1 Blog | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file. | |||||
CVE-2017-4990 | 1 Emc | 1 Avamar Server | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system. | |||||
CVE-2017-14958 | 1 Pivotx | 1 Pivotx | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file. |