Total
1113 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-10752 | 1 S9y | 1 Serendipity | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename. | |||||
CVE-2016-10036 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file. | |||||
CVE-2015-9499 | 1 Themepunch | 1 Showbiz Pro | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive. | |||||
CVE-2015-9479 | 1 Advancedcustomfields | 1 Acf Fronted Display | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php. | |||||
CVE-2015-9471 | 1 Digitalzoomstudio | 1 Zoomsounds | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload. | |||||
CVE-2015-9271 | 1 Videowhisper | 1 Video Conference | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The VideoWhisper videowhisper-video-conference-integration plugin 4.91.8 for WordPress allows remote attackers to execute arbitrary code because vc/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code, a different vulnerability than CVE-2014-1905. | |||||
CVE-2015-9263 | 1 Idera | 1 Uptime Infrastructure Monitor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands. | |||||
CVE-2015-9259 | 1 Docker | 1 Notary | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json file. | |||||
CVE-2015-5951 | 1 Thomsonreuters | 1 Fatca | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands. | |||||
CVE-2014-8739 | 2 Creative-solutions, Jquery File Upload Project | 2 Creative Contact Form, Jquery File Upload | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014. | |||||
CVE-2014-8516 | 1 Cloudfastpath | 1 Netcharts Server | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | |||||
CVE-2014-8337 | 1 Helpdezk | 1 Helpdezk | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. | |||||
CVE-2014-4972 | 1 Ajax Upload For Gravity Forms Project | 1 Ajax Upload For Gravity Forms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under wp-content/uploads/gravity_forms. | |||||
CVE-2014-4912 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation. | |||||
CVE-2014-3448 | 1 Bss Continuity Cms Project | 1 Bss Continuty Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file upload | |||||
CVE-2014-2592 | 1 Arubanetworks | 1 Web Management Portal | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Unrestricted file upload vulnerability in Aruba Web Management portal allows remote attackers to execute arbitrary code by uploading a file with an executable extension. | |||||
CVE-2014-2025 | 1 Unitedplanet | 1 Intrexx | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Unrestricted file upload vulnerability in an unspecified third party tool in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unknown vectors. | |||||
CVE-2014-10074 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files. | |||||
CVE-2013-7390 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot. | |||||
CVE-2013-3684 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload |