Total
1161 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-40051 | 1 Progress | 2 Openedge, Openedge Innovation | 2024-11-21 | N/A | 9.1 CRITICAL |
| This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload that can further exploit the server or its network, the launch of a larger scale attack may be possible. | |||||
| CVE-2023-40050 | 1 Chef | 1 Automate | 2024-11-21 | N/A | 9.9 CRITICAL |
| Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution. | |||||
| CVE-2023-3342 | 1 Wpeverest | 1 User Registration | 2024-11-21 | N/A | 9.9 CRITICAL |
| The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with subscriber-level capabilities or above to upload arbitrary files on the affected site's server which may make remote code execution possible. This was partially patched in version 3.0.2 and fully patched in version 3.0.2.1. | |||||
| CVE-2023-3049 | 1 Tmtmakine | 2 Lockcell, Lockcell Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection.This issue affects Lockcell: before 15. | |||||
| CVE-2023-39776 | 1 Phpjabbers | 1 Ticket Support Script | 2024-11-21 | N/A | 9.8 CRITICAL |
| A File Upload vulnerability in PHPJabbers Ticket Support Script v3.2 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2023-39424 | 1 Resortdata | 1 Internet Reservation Module Next Generation | 2024-11-21 | N/A | 9.9 CRITICAL |
| A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content (such as a web shell component) to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but can be paired with another vulnerability in the platform (CVE-2023-39420, which grants access to hardcoded credentials) to carry the attack without having assigned credentials. | |||||
| CVE-2023-39115 | 1 Campcodes | 1 Complete Online Matrimonial Website System Script | 2024-11-21 | N/A | 9.8 CRITICAL |
| install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document. | |||||
| CVE-2023-38915 | 1 Wolf18 | 1 Easyadmin8 | 2024-11-21 | N/A | 9.8 CRITICAL |
| File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote attacker to execute arbtirary code via the upload type function. | |||||
| CVE-2023-38029 | 1 Saho | 4 Adm-100, Adm-100 Firmware, Adm-100fp and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Saho’s attendance devices ADM100 and ADM-100FP has insufficient filtering for special characters and file type within their file uploading function. A unauthenticate remote attacker authenticated can upload and execute arbitrary files to perform arbitrary system commands or disrupt service. | |||||
| CVE-2023-37839 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
| CVE-2023-37677 | 1 Pligg | 1 Pligg Cms | 2024-11-21 | N/A | 9.8 CRITICAL |
| Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component admin_editor.php. | |||||
| CVE-2023-37656 | 1 Websiteguide Project | 1 Websiteguide | 2024-11-21 | N/A | 9.8 CRITICAL |
| WebsiteGuide v0.2 is vulnerable to Remote Command Execution (RCE) via image upload. | |||||
| CVE-2023-37629 | 1 Simple Online Piggery Management System Project | 1 Simple Online Piggery Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to "add-pig.php." | |||||
| CVE-2023-37502 | 1 Hcltech | 1 Hcl Compass | 2024-11-21 | N/A | 9.0 CRITICAL |
| HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser. | |||||
| CVE-2023-37289 | 1 Infodoc | 1 Document On-line Submission And Approval System | 2024-11-21 | N/A | 9.8 CRITICAL |
| It is identified a vulnerability of Unrestricted Upload of File with Dangerous Type in the file uploading function in InfoDoc Document On-line Submission and Approval System, which allows an unauthenticated remote attacker can exploit this vulnerability without logging system to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. This issue affects Document On-line Submission and Approval System: 22547, 22567. | |||||
| CVE-2023-37152 | 1 Online Art Gallery Project | 1 Online Art Gallery | 2024-11-21 | N/A | 9.8 CRITICAL |
| Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Note: This has been disputed as not a valid vulnerability. | |||||
| CVE-2023-36097 | 1 Funadmin | 1 Funadmin | 2024-11-21 | N/A | 9.8 CRITICAL |
| funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install. | |||||
| CVE-2023-35189 | 1 Iagona | 1 Scrutisweb | 2024-11-21 | N/A | 10.0 CRITICAL |
| Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote code execution vulnerability that could allow an unauthenticated user to upload a malicious payload and execute it. | |||||
| CVE-2023-34798 | 1 Weaver | 1 E-office | 2024-11-21 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in eoffice before v9.5 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2023-34738 | 1 Chemex | 1 Chemex | 2024-11-21 | N/A | 9.8 CRITICAL |
| Chemex through 3.7.1 is vulnerable to arbitrary file upload. | |||||