Total: 2650 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2023-28731 | 1 Acymailing | 1 Acymailing | 2024-11-21 | N/A | 9.8 CRITICAL | AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution when access to campaign creation on the front office is granted, due to an unrestricted file upload that allows PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0. |
CVE-2023-28725 | 1 Generalbytes | 1 Crypto Application Server | 2024-11-21 | N/A | 9.1 CRITICAL | General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March 2023. This is fixed in 20221118.48 and 20230120.44. |
CVE-2023-28700 | 1 Itpison | 1 Omicard Edm | 2024-11-21 | N/A | 6.8 MEDIUM | The OMICARD EDM backend system's file upload function does not restrict uploads of files with dangerous types. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. |
CVE-2023-28699 | 1 Wddgroup | 1 Fantasy | 2024-11-21 | N/A | 8.8 HIGH | Wade Graphic Design FANTASY has insufficient file-type filtering in its file update function. An authenticated remote attacker with general user privileges can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operations or disrupt service. |
CVE-2023-28652 | 1 Sauter-controls | 2 Ey-as525f001, Ey-as525f001 Firmware | 2024-11-21 | N/A | 6.5 MEDIUM | An authenticated malicious user could upload a malicious image, which could lead to a denial-of-service condition. |
CVE-2023-28482 | 1 Tigergraph | 1 Tigergraph | 2024-11-21 | N/A | 6.5 MEDIUM | An issue was discovered in TigerGraph Enterprise 3.7.0. A single TigerGraph instance can host multiple graphs that are accessed by multiple different users. The TigerGraph platform does not protect the confidentiality of any data uploaded to the remote server. In this scenario, any user that has permission to upload data can browse data uploaded by any other user (irrespective of their permissions). |
CVE-2023-28480 | 1 Tigergraph | 1 Tigergraph | 2024-11-21 | N/A | 6.5 MEDIUM | An issue was discovered in TigerGraph Enterprise 3.7.0. The TigerGraph platform allows users to define new User Defined Functions (UDFs) from C/C++ code. To support this functionality, TigerGraph allows users to upload custom C/C++ code, which is then compiled and installed into the platform. An attacker who has filesystem access on a remote TigerGraph system can alter the behavior of the database against the will of the database administrator, effectively bypassing the built-in RBAC controls. |
CVE-2023-28409 | 1 Mw Wp Form Project | 1 Mw Wp Form | 2024-11-21 | N/A | 9.8 CRITICAL | Unrestricted upload of a file with a dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file. |
CVE-2023-28353 | 2 Faronics, Microsoft | 2 Insight, Windows | 2024-11-21 | N/A | 8.8 HIGH | An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to chain this vulnerability with others to cause a deployed DLL file to immediately execute as NT AUTHORITY/SYSTEM. |
CVE-2023-28337 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2024-11-21 | N/A | 8.8 HIGH | When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden "forceFWUpdate" parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the device. |
CVE-2023-28170 | 1 Themely | 1 Theme Demo Import | 2024-11-21 | N/A | 9.1 CRITICAL | Unrestricted Upload of File with Dangerous Type vulnerability in Themely Theme Demo Import. This issue affects Theme Demo Import: from n/a through 1.1.1. |
CVE-2023-28128 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 7.2 HIGH | An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve remote code execution. |
CVE-2023-27881 | 1 Ptc | 1 Vuforia Studio | 2024-11-21 | N/A | 8.0 HIGH | A user could use the "Upload Resource" functionality to upload files to any location on the disk. |
CVE-2023-27757 | 1 Perfree | 1 Perfreeblog | 2024-11-21 | N/A | 9.8 CRITICAL | An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file. |
CVE-2023-27755 | 1 71note | 1 Go-bbs | 2024-11-21 | N/A | 8.8 HIGH | go-bbs v1 was discovered to contain an arbitrary file download vulnerability via the component /api/v1/download. |
CVE-2023-27602 | 1 Apache | 1 Linkis | 2024-11-21 | N/A | 9.8 CRITICAL | In Apache Linkis <=1.3.1, the PublicService module uploads files without restrictions on the path of the uploaded files or on file types. We recommend users upgrade Linkis to version 1.3.2. For versions <=1.3.1, we suggest turning on the file path check switches in linkis.properties: `wds.linkis.workspace.filesystem.owner.check=true` and `wds.linkis.workspace.filesystem.path.check=true`. |
CVE-2023-27440 | | | 2024-11-21 | N/A | 7.2 HIGH | Unrestricted Upload of File with Dangerous Type vulnerability in OnTheGoSystems Types. This issue affects Types: from n/a through 3.4.17. |
CVE-2023-27397 | 1 Microengine | 1 Mailform | 2024-11-21 | N/A | 9.8 CRITICAL | Unrestricted upload of a file with a dangerous type exists in MicroEngine Mailform versions 1.1.0 to 1.1.8. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it. |
CVE-2023-27246 | 1 Mk-auth | 1 Mk-auth | 2024-11-21 | N/A | 8.8 HIGH | An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted .htaccess file. |
CVE-2023-27235 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | N/A | 7.2 HIGH | An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file. |