Total: 2641 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-41626 | 1 Gradio Project | 1 Gradio | 2024-02-28 | N/A | 4.8 MEDIUM | Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface.
CVE-2023-4159 | 1 Omeka | 1 Omeka S | 2024-02-28 | N/A | 8.8 HIGH | Unrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to 4.0.3.
CVE-2023-1720 | 1 Bitrix24 | 1 Bitrix24 | 2024-02-28 | N/A | 8.0 HIGH | Lack of a MIME type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through /desktop_app/file.ajax.php?action=uploadfile.
CVE-2023-43838 | 1 Personal-management-system | 1 Personal Management System | 2024-02-28 | N/A | 7.8 HIGH | An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file as a user profile's avatar.
CVE-2023-45384 | 1 Knowband | 1 Supercheckout | 2024-02-28 | N/A | 9.8 CRITICAL | KnowBand supercheckout > 5.0.7 and < 6.0.7 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the module "Module One Page Checkout, Social Login & Mailchimp" (supercheckout), a guest can upload files with the extension .php.
CVE-2023-38404 | 1 Veritas | 1 Infoscale Operations Manager | 2024-02-28 | N/A | 8.8 HIGH | The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server.
CVE-2023-34394 | 1 Keysight | 1 Geolocation Server | 2024-02-28 | N/A | 7.8 HIGH | In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to improper path validation, which could result in local privilege escalation or a denial-of-service condition.
CVE-2023-4817 | 1 Icpdas | 2 Et-7060, Et-7060 Firmware | 2024-02-28 | N/A | 8.8 HIGH | This vulnerability allows an authenticated attacker to upload malicious files by bypassing the restrictions of the upload functionality, compromising the entire device.
CVE-2023-41357 | 1 Gss | 1 Vitals Enterprise Social Platform | 2024-02-28 | N/A | 8.8 HIGH | Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal; it has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts in arbitrary directories to perform arbitrary system operations or disrupt service.
CVE-2023-46428 | 1 Hadsky | 1 Hadsky | 2024-02-28 | N/A | 8.8 HIGH | An arbitrary file upload vulnerability in HadSky v7.12.10 allows attackers to execute arbitrary code via a crafted file.
CVE-2023-45952 | 1 Lylme | 1 Lylme Spage | 2024-02-28 | N/A | 9.8 CRITICAL | An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2023-44008 | 1 Mojoportal | 1 Mojoportal | 2024-02-28 | N/A | 9.8 CRITICAL | File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function.
CVE-2023-5185 | 1 Projectworlds | 1 Gym Management System Project | 2024-02-28 | N/A | 8.8 HIGH | Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of the profile/i.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.
CVE-2023-31941 | 1 Online Travel Agency System Project | 1 Online Travel Agency System | 2024-02-28 | N/A | 7.2 HIGH | File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file uploaded to employee_insert.php.
CVE-2023-27083 | 1 Pluck-cms | 1 Pluck | 2024-02-28 | N/A | 7.2 HIGH | An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via the manage-file functionality.
CVE-2022-33166 | 1 Ibm | 1 Security Directory Suite Va | 2024-02-28 | N/A | 7.2 HIGH | IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 228586.
CVE-2023-33386 | 1 Marsctf Project | 1 Marsctf | 2024-02-28 | N/A | 9.8 CRITICAL | MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interface for uploading attachments in the background.
CVE-2023-33569 | 1 Faculty Evaluation System Project | 1 Faculty Evaluation System | 2024-02-28 | N/A | 7.2 HIGH | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via ip/eval/ajax.php?action=update_user.
CVE-2023-3491 | 1 Fossbilling | 1 Fossbilling | 2024-02-28 | N/A | 8.8 HIGH | Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3.
CVE-2023-33404 | 1 Blogengine | 1 Blogengine.net | 2024-02-28 | N/A | 9.8 CRITICAL | An Unrestricted Upload vulnerability, due to insufficient validation in the UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and earlier allows remote attackers to execute remote code.