Total
2055 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-4990 | 1 Emc | 1 Avamar Server | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system. | |||||
| CVE-2017-6041 | 1 Marel | 44 A320, A320 Firmware, A325 and 41 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. This vulnerability allows an attacker to modify the operation and upload firmware changes without detection. | |||||
| CVE-2015-7571 | 1 Yeager | 1 Yeager Cms | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. | |||||
| CVE-2017-3108 | 1 Adobe | 1 Experience Manager | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability. | |||||
| CVE-2017-1000119 | 1 Octobercms | 1 October | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
| October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server. | |||||
| CVE-2017-1002008 | 1 Membership Simplified Project | 1 Membership Simplified | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges. | |||||
| CVE-2017-14123 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demonstrated by /itplus/FileStorage/302/shell.jsp. | |||||
| CVE-2017-15054 | 1 Teampass | 1 Teampass | 2024-02-04 | 6.5 MEDIUM | 7.5 HIGH |
| An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. To exploit this vulnerability, an authenticated attacker has to tamper with parameters of a request to upload.files.php, in order to select the correct branch and be able to upload any arbitrary file. From there, it can simply access the file to execute code on the server. | |||||
| CVE-2017-9364 | 1 Bigtreecms | 1 Bigtree Cms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code. | |||||
| CVE-2014-9312 | 1 10web | 1 Photo Gallery | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted File Upload vulnerability in Photo Gallery 1.2.5. | |||||
| CVE-2016-1713 | 1 Vtiger | 1 Vtiger Crm | 2024-02-04 | 8.5 HIGH | 7.3 HIGH |
| Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000. | |||||
| CVE-2017-7695 | 1 Bigtreecms | 1 Bigtree Cms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code. | |||||
| CVE-2017-7357 | 1 Atlassian | 1 Hipchat Server | 2024-02-04 | 6.5 MEDIUM | 9.1 CRITICAL |
| Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file. | |||||
| CVE-2017-7989 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden. | |||||
| CVE-2017-9080 | 1 Playsms | 1 Playsms | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection. | |||||
| CVE-2017-9101 | 1 Playsms | 1 Playsms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file. | |||||
| CVE-2016-6124 | 1 Ibm | 1 Kenexa Lms On Cloud | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||||
| CVE-2017-6027 | 1 Codesys | 1 Web Server | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution. | |||||
| CVE-2017-8080 | 1 Atlassian | 1 Hipchat Server | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads. | |||||
| CVE-2017-9069 | 1 Modx | 1 Modx Revolution | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess. | |||||