Total
1113 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-2748 | 1 Belkin | 2 Wemo Switch, Wemo Switch Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote attackers to upload arbitrary files onto the system. | |||||
CVE-2013-2057 | 1 Yabb | 1 Yabb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability | |||||
CVE-2013-20002 | 1 Themify | 1 Framework | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file. | |||||
CVE-2013-0803 | 1 Polarbear Cms Project | 1 Polarbear Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code. | |||||
CVE-2012-6649 | 1 Devfarm | 1 Wp Gpx Maps | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
WordPress WP GPX Maps Plugin 1.1.21 allows remote attackers to execute arbitrary PHP code via improper file upload. | |||||
CVE-2012-5190 | 1 Accusoft | 1 Prizm Content Connect | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability | |||||
CVE-2012-2226 | 1 Invisioncommunity | 1 Invision Power Board | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file. | |||||
CVE-2011-4908 | 1 Tiny | 1 Tinybrowser | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php. | |||||
CVE-2011-4906 | 1 Tiny | 1 Tinybrowser | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution. | |||||
CVE-2011-1134 | 1 S9y | 1 Serendipity | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager. | |||||
CVE-2010-1433 | 1 Joomla | 1 Joomla! | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | |||||
CVE-2024-11311 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 9.8 CRITICAL |
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | |||||
CVE-2024-11312 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 9.8 CRITICAL |
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | |||||
CVE-2024-11313 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 9.8 CRITICAL |
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | |||||
CVE-2024-11314 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 9.8 CRITICAL |
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | |||||
CVE-2024-11315 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 9.8 CRITICAL |
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | |||||
CVE-2024-10820 | 1 Vanquish | 1 Woocommerce Upload Files | 2024-11-19 | N/A | 9.8 CRITICAL |
The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
CVE-2024-11018 | 1 Vice | 1 Webopac | 2024-11-18 | N/A | 9.8 CRITICAL |
Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server. | |||||
CVE-2024-52403 | | | 2024-11-18 | N/A | 9.9 CRITICAL |
Unrestricted Upload of File with Dangerous Type vulnerability in WPExperts User Management allows Upload a Web Shell to a Web Server. This issue affects User Management: from n/a through 1.1. | |||||
CVE-2024-52405 | | | 2024-11-18 | N/A | 9.9 CRITICAL |
Unrestricted Upload of File with Dangerous Type vulnerability in Bikram Joshi B-Banner Slider allows Upload a Web Shell to a Web Server. This issue affects B-Banner Slider: from n/a through 1.1. |