Total
3214 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39377 | 1 Siberiancms | 1 Siberiancms | 2024-11-21 | N/A | 7.2 HIGH |
| SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method | |||||
| CVE-2023-39346 | 1 Renjikai | 1 Linuxasmcallgraph | 2024-11-21 | N/A | 8.8 HIGH |
| LinuxASMCallGraph is software for drawing the call graph of the programming code. Linux ASMCallGraph before commit 20dba06bd1a3cf260612d4f21547c25002121cd5 allows attackers to cause a remote code execution on the server side via uploading a crafted ZIP file due to incorrect filtering rules of uploaded file. The problem has been patched in commit 20dba06bd1a3cf260612d4f21547c25002121cd5. There are no known workarounds. | |||||
| CVE-2023-39147 | 1 Webkul | 1 Uvdesk | 2024-11-21 | N/A | 7.8 HIGH |
| An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file. | |||||
| CVE-2023-39115 | 1 Campcodes | 1 Complete Online Matrimonial Website System Script | 2024-11-21 | N/A | 9.8 CRITICAL |
| install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document. | |||||
| CVE-2023-38947 | 1 Wbce | 1 Wbce Cms | 2024-11-21 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2023-38915 | 1 Wolf18 | 1 Easyadmin8 | 2024-11-21 | N/A | 9.8 CRITICAL |
| File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote attacker to execute arbtirary code via the upload type function. | |||||
| CVE-2023-38887 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | N/A | 8.8 HIGH |
| File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions. | |||||
| CVE-2023-38874 | 1 Economizzer | 1 Economizzer | 2024-11-21 | N/A | 8.8 HIGH |
| A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and execute arbitrary commands. | |||||
| CVE-2023-38404 | 1 Veritas | 1 Infoscale Operations Manager | 2024-11-21 | N/A | 7.2 HIGH |
| The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server. | |||||
| CVE-2023-38330 | 1 Oxid-esales | 1 Eshop | 2024-11-21 | N/A | 5.3 MEDIUM |
| OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create a HTTP Response Splitting attack. | |||||
| CVE-2023-38029 | 1 Saho | 4 Adm-100, Adm-100 Firmware, Adm-100fp and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Saho’s attendance devices ADM100 and ADM-100FP has insufficient filtering for special characters and file type within their file uploading function. A unauthenticate remote attacker authenticated can upload and execute arbitrary files to perform arbitrary system commands or disrupt service. | |||||
| CVE-2023-37839 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
| CVE-2023-37677 | 1 Pligg | 1 Pligg Cms | 2024-11-21 | N/A | 9.8 CRITICAL |
| Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component admin_editor.php. | |||||
| CVE-2023-37656 | 1 Websiteguide Project | 1 Websiteguide | 2024-11-21 | N/A | 9.8 CRITICAL |
| WebsiteGuide v0.2 is vulnerable to Remote Command Execution (RCE) via image upload. | |||||
| CVE-2023-37629 | 1 Simple Online Piggery Management System Project | 1 Simple Online Piggery Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to "add-pig.php." | |||||
| CVE-2023-37502 | 1 Hcltech | 1 Hcl Compass | 2024-11-21 | N/A | 9.0 CRITICAL |
| HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser. | |||||
| CVE-2023-37289 | 1 Infodoc | 1 Document On-line Submission And Approval System | 2024-11-21 | N/A | 9.8 CRITICAL |
| It is identified a vulnerability of Unrestricted Upload of File with Dangerous Type in the file uploading function in InfoDoc Document On-line Submission and Approval System, which allows an unauthenticated remote attacker can exploit this vulnerability without logging system to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. This issue affects Document On-line Submission and Approval System: 22547, 22567. | |||||
| CVE-2023-37208 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | N/A | 7.8 HIGH |
| When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | |||||
| CVE-2023-37152 | 1 Online Art Gallery Project | 1 Online Art Gallery | 2024-11-21 | N/A | 9.8 CRITICAL |
| Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Note: This has been disputed as not a valid vulnerability. | |||||
| CVE-2023-36969 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A | 8.8 HIGH |
| CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function. | |||||