Total
2367 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-7429 | 2 Microfocus, Netiq | 2 Edirectory, Edirectory | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server. | |||||
CVE-2017-13982 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2023-11-07 | 9.0 HIGH | 8.8 HIGH |
A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. | |||||
CVE-2016-15033 | 1 Delete All Comments Project | 1 Delete All Comments | 2023-11-07 | N/A | 9.8 CRITICAL |
The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the delete-all-comments.php file in versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
CVE-2015-0796 | 1 Opensuse | 1 Open Buildservice | 2023-11-07 | 4.6 MEDIUM | 7.8 HIGH |
In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break out of confinement or cause denial of service attacks on the source service. | |||||
CVE-2011-4183 | 1 Opensuse | 1 Open Build Service | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16. | |||||
CVE-2023-46428 | 1 Hadsky | 1 Hadsky | 2023-11-06 | N/A | 8.8 HIGH |
An arbitrary file upload vulnerability in HadSky v7.12.10 allows attackers to execute arbitrary code via a crafted file. | |||||
CVE-2021-24370 | 1 Radykal | 1 Fancy Product Designer | 2023-11-02 | 7.5 HIGH | 9.8 CRITICAL |
The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution. | |||||
CVE-2023-3375 | 1 Bookreen | 1 Bookreen | 2023-11-02 | N/A | 7.2 HIGH |
Unrestricted Upload of File with Dangerous Type vulnerability in Unisign Bookreen allows OS Command Injection. This issue affects Bookreen: before 3.0.0. | |||||
CVE-2023-24517 | 1 Pandorafms | 1 Pandora Fms | 2023-11-02 | N/A | 7.2 HIGH |
Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component allows an attacker to make use of this issue (unrestricted file upload) to execute arbitrary system commands. This issue affects Pandora FMS v767 version and prior versions on all platforms. | |||||
CVE-2023-5524 | 1 M-files | 1 Web Companion | 2023-10-30 | N/A | 7.3 HIGH |
Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution via specific file types. | |||||
CVE-2023-26578 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 8.8 HIGH |
Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server. | |||||
CVE-2023-45555 | 1 Zzzcms | 1 Zzzcms | 2023-10-27 | N/A | 7.8 HIGH |
File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file. | |||||
CVE-2023-45554 | 1 Zzzcms | 1 Zzzcms | 2023-10-27 | N/A | 9.8 CRITICAL |
File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp. | |||||
CVE-2022-39019 | 1 M-files | 1 Hubshare | 2023-10-25 | N/A | 7.5 HIGH |
Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server. | |||||
CVE-2023-45384 | 1 Knowband | 1 Supercheckout | 2023-10-25 | N/A | 9.8 CRITICAL |
KnowBand supercheckout > 5.0.7 and < 6.0.7 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the module "Module One Page Checkout, Social Login & Mailchimp" (supercheckout), a guest can upload files with extensions .php | |||||
CVE-2023-45952 | 1 Lylme | 1 Lylme Spage | 2023-10-25 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
CVE-2023-37502 | 1 Hcltech | 1 Hcl Compass | 2023-10-25 | N/A | 8.8 HIGH |
HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser. | |||||
CVE-2023-46004 | 1 Mayurik | 1 Best Courier Management System | 2023-10-25 | N/A | 7.2 HIGH |
Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the update_user function. | |||||
CVE-2023-41631 | 1 Esst | 1 Esst Monitoring | 2023-10-23 | N/A | 8.8 HIGH |
eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the file upload function. | |||||
CVE-2023-34207 | 1 Easyuse | 1 Mailhunter Ultimate | 2023-10-20 | N/A | 8.8 HIGH |
Unrestricted upload of file with dangerous type vulnerability in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to perform arbitrary system commands with ‘NT Authority\SYSTEM’ privilege via a crafted ZIP archive. |