Total
2945 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3591 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability | |||||
| CVE-2013-2748 | 1 Belkin | 2 Wemo Switch, Wemo Switch Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote attackers to upload arbitrary files onto the system. | |||||
| CVE-2013-2057 | 1 Yabb | 1 Yabb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability | |||||
| CVE-2013-20002 | 1 Themify | 1 Framework | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file. | |||||
| CVE-2013-1916 | 1 User Photo Project | 1 User Photo | 2024-11-21 | 8.5 HIGH | 8.8 HIGH |
| In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved. | |||||
| CVE-2013-0803 | 1 Polarbear Cms Project | 1 Polarbear Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code. | |||||
| CVE-2012-6649 | 1 Devfarm | 1 Wp Gpx Maps | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| WordPress WP GPX Maps Plugin 1.1.21 allows remote attackers to execute arbitrary PHP code via improper file upload. | |||||
| CVE-2012-5190 | 1 Accusoft | 1 Prizm Content Connect | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability | |||||
| CVE-2012-2950 | 2 Gatewaygeomatics, Microsoft | 2 Mapserver, Windows | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information. | |||||
| CVE-2012-2226 | 1 Invisioncommunity | 1 Invision Power Board | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file. | |||||
| CVE-2012-1592 | 1 Apache | 1 Struts | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files. | |||||
| CVE-2011-4908 | 1 Tiny | 1 Tinybrowser | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php. | |||||
| CVE-2011-4907 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Joomla! 1.5x through 1.5.12: Missing JEXEC Check | |||||
| CVE-2011-4906 | 1 Tiny | 1 Tinybrowser | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution. | |||||
| CVE-2011-4183 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | 7.5 HIGH | 6.5 MEDIUM |
| A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16. | |||||
| CVE-2011-2933 | 1 Websitebaker | 1 Websitebaker | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions. | |||||
| CVE-2011-1597 | 1 Openvas | 1 Openvas Manager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| OpenVAS Manager v2.0.3 allows plugin remote code execution. | |||||
| CVE-2011-1134 | 1 S9y | 1 Serendipity | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager. | |||||
| CVE-2011-10004 | 1 Reciply Project | 1 Reciply | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. It has been rated as critical. This issue affects some unknown processing of the file uploadImage.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The identifier of the patch is e3ff616dc08d3aadff9253f1085e13f677d0c676. It is recommended to upgrade the affected component. The identifier VDB-242189 was assigned to this vulnerability. | |||||
| CVE-2010-4661 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Opensuse and 2 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. | |||||