Total
1152 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1000194 | 1 Octobercms | 1 October | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server. | |||||
| CVE-2017-15962 | 1 Istock Management System Project | 1 Istock Management System | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| iStock Management System 1.0 allows Arbitrary File Upload via user/profile. | |||||
| CVE-2017-1000081 | 1 Onosproject | 1 Onos | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution. | |||||
| CVE-2013-7426 | 1 Kamailio | 1 Kamailio | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1. | |||||
| CVE-2017-1002002 | 1 Webapp-builder Project | 1 Webapp-builder | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/ | |||||
| CVE-2017-8862 | 1 Cohuhd | 2 3960hd, 3960hd Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with "root" privileges. | |||||
| CVE-2017-1002003 | 1 Wp2android-turn-wp-site-into-android-app Project | 1 Wp2android-turn-wp-site-into-android-app | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android-app v1.1.4, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. | |||||
| CVE-2015-4455 | 1 Aviary Image Editor Add-on For Gravity Forms Project | 1 Aviary Image Editor Add-on For Gravity Forms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary. | |||||
| CVE-2017-16949 | 1 Accesspressthemes | 1 Anonymous Post Pro | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php and file-uploader/file-uploader-class.php. This allows the attacker to upload anything they want to the server, as demonstrated by an action=ap_file_upload_action&allowedExtensions[]=php request to /wp-admin/admin-ajax.php that results in a .php file upload and resultant PHP code execution. | |||||
| CVE-2017-1002016 | 1 Flickr Picture Backup Project | 1 Flickr Picture Backup | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files. | |||||
| CVE-2015-2780 | 1 Berta | 1 Berta Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2017-11357 | 1 Telerik | 1 Ui For Asp.net Ajax | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. | |||||
| CVE-2017-4990 | 1 Emc | 1 Avamar Server | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system. | |||||
| CVE-2017-6041 | 1 Marel | 44 A320, A320 Firmware, A325 and 41 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. This vulnerability allows an attacker to modify the operation and upload firmware changes without detection. | |||||
| CVE-2015-3884 | 1 Qdpm | 1 Qdpm | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/. | |||||
| CVE-2017-3108 | 1 Adobe | 1 Experience Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability. | |||||
| CVE-2017-1002008 | 1 Membership Simplified Project | 1 Membership Simplified | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges. | |||||
| CVE-2017-9364 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code. | |||||
| CVE-2024-32161 | 1 Jizhicms | 1 Jizhicms | 2025-04-18 | N/A | 9.8 CRITICAL |
| jizhiCMS 2.5 suffers from a File upload vulnerability. | |||||
| CVE-2024-31351 | 1 Copymatic | 1 Copymatic | 2025-04-18 | N/A | 10.0 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator.This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.6. | |||||