Total: 2451 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2023-48031 | 1 Opensupports | 1 Opensupports | 2024-08-29 | N/A | 9.8 CRITICAL | OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type. This can enable the attacker to execute arbitrary code or establish a reverse shell, leading to unauthorized file writes or control over the victim's station via a crafted file upload operation. |
CVE-2024-42054 | 1 Cervantessec | 1 Cervantes | 2024-08-29 | N/A | 5.4 MEDIUM | Cervantes through 0.5-alpha accepts insecure file uploads. |
CVE-2024-22426 | | | 2024-08-29 | N/A | 7.2 HIGH | Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the execution of arbitrary operating system commands in the context of the root user, resulting in a complete system compromise. |
CVE-2024-34906 | 1 Dootask | 1 Dootask | 2024-08-28 | N/A | 5.4 MEDIUM | An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file. |
CVE-2024-39717 | 1 Versa-networks | 1 Versa Director | 2024-08-28 | N/A | 7.2 HIGH | The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged in with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege.) The "Change Favicon" (Favorite Icon) option can be misused to upload a malicious file ending with the .png extension to masquerade as an image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin has successfully authenticated and logged in. |
CVE-2024-29514 | | | 2024-08-28 | N/A | 8.8 HIGH | File Upload vulnerability in lepton v.7.1.0 allows remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file. |
CVE-2024-26503 | | | 2024-08-28 | N/A | 9.1 CRITICAL | Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of a crafted file to the certbadge.php endpoint. |
CVE-2023-5524 | 1 M-files | 1 Web Companion | 2024-08-28 | N/A | 7.3 HIGH | Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution via specific file types. |
CVE-2024-28423 | | | 2024-08-27 | N/A | 9.8 CRITICAL | Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafe_load function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML file. |
CVE-2024-28713 | | | 2024-08-27 | N/A | 9.8 CRITICAL | An issue in Mblog Blog system v.3.5.0 allows an attacker to execute arbitrary code via a crafted file to the theme management feature. |
CVE-2023-41506 | | | 2024-08-27 | N/A | 9.8 CRITICAL | An arbitrary file upload vulnerability in the Update/Edit Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. |
CVE-2024-27283 | | | 2024-08-27 | N/A | 7.2 HIGH | A vulnerability was discovered in Veritas eDiscovery Platform before 10.2.5. The application administrator can upload potentially malicious files to arbitrary locations on the server on which the application is installed. |
CVE-2024-8170 | 1 Rems | 1 Zipped Folder Manager App | 2024-08-27 | 4.0 MEDIUM | 9.8 CRITICAL | A vulnerability classified as problematic has been found in SourceCodester Zipped Folder Manager App 1.0. This affects an unknown part of the file /endpoint/add-folder.php. The manipulation of the argument folder leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
CVE-2024-8089 | 1 Janobe | 1 E-commerce System | 2024-08-27 | 6.5 MEDIUM | 9.8 CRITICAL | A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been classified as critical. Affected is an unknown function of the file /ecommerce/admin/products/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
CVE-2024-8166 | 1 Ruijie | 2 Eg2000k, Eg2000k Firmware | 2024-08-27 | 5.8 MEDIUM | 4.9 MEDIUM | A vulnerability has been found in Ruijie EG2000K 11.1(6)B2 and classified as critical. This vulnerability affects unknown code of the file /tool/index.php?c=download&a=save. The manipulation of the argument content leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
CVE-2024-27733 | | | 2024-08-26 | N/A | 7.7 HIGH | File Upload vulnerability in Byzro Network Smart s42 Management Platform v.S42 allows a local attacker to execute arbitrary code via the useratte/userattestation.php component. |
CVE-2024-25674 | 1 Misp | 1 Misp | 2024-08-26 | N/A | 9.8 CRITICAL | An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type. |
CVE-2024-7987 | | | 2024-08-26 | N/A | N/A | A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. To exploit this vulnerability, a threat actor must abuse the ThinServer™ service by creating a junction and using it to upload arbitrary files. |
CVE-2024-40318 | 1 Webkul | 1 Qloapps | 2024-08-26 | N/A | 7.2 HIGH | An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file. |
CVE-2024-35570 | | | 2024-08-26 | N/A | 9.8 CRITICAL | An arbitrary file upload vulnerability in the component \controller\ImageUploadController.class of inxedu v2.0.6 allows attackers to execute arbitrary code via uploading a crafted jsp file. |