Total: 2367 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2023-35018 | 1 Ibm | 1 Security Verify Governance | 2023-10-19 | N/A | 7.2 HIGH | IBM Security Verify Governance 10.0 could allow a privileged user to upload arbitrary files due to improper file validation. IBM X-Force ID: 259382. |
CVE-2023-45856 | 1 Qdpm | 1 Qdpm | 2023-10-19 | N/A | 9.8 CRITICAL | qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI. |
CVE-2022-22375 | 3 Apple, Ibm, Microsoft | 3 Macos, Security Verify Privilege On-premises, Windows | 2023-10-18 | N/A | 8.8 HIGH | IBM Security Verify Privilege On-Premises 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 221681. |
CVE-2022-27261 | 1 Express-fileupload Project | 1 Express-fileupload | 2023-10-18 | 4.3 MEDIUM | 7.5 HIGH | An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server. |
CVE-2023-24202 | 1 Oretnom23 | 1 Raffle Draw System | 2023-10-18 | N/A | 9.8 CRITICAL | Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page parameter in index.php. |
CVE-2022-33859 | 1 Eaton | 1 Foreseer Electrical Power Monitoring System | 2023-10-18 | N/A | 9.8 CRITICAL | A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. This vulnerability is present in versions 4.x, 5.x, 6.x & 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton and a mitigation has been provided for the affected versions that are currently supported. Customers are advised to update the software to the latest version (v7.6). Foreseer EPMS versions 4.x, 5.x, 6.x are no longer supported by Eaton. Please refer to the End-of-Support notification https://www.eaton.com/in/en-us/catalog/services/foreseer/foreseer-legacy.html . |
CVE-2023-44962 | 1 Koha-community | 1 Koha Library Software | 2023-10-16 | N/A | 5.3 MEDIUM | File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component. |
CVE-2023-43269 | 1 Pigcms | 1 Pigcms | 2023-10-13 | N/A | 9.8 CRITICAL | pigcms up to 7.0 was discovered to contain an arbitrary file upload vulnerability. |
CVE-2023-42331 | 1 Elitecms | 1 Elite Cms | 2023-10-13 | N/A | 8.8 HIGH | A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component. |
CVE-2023-45353 | 1 Atos | 1 Unify Openscape Common Management | 2023-10-12 | N/A | 8.8 HIGH | Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system by leveraging the Common Management Portal web interface for authenticated remote upload and creation of arbitrary files affecting the underlying operating system. This is also known as OCMP-6591. |
CVE-2023-43696 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2023-10-11 | N/A | 9.8 CRITICAL | Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server. |
CVE-2023-43321 | 1 Dcnetworks | 2 Dcfw-1800-sdc, Dcfw-1800-sdc Firmware | 2023-10-10 | N/A | 8.8 HIGH | File Upload vulnerability in Digital China Networks DCFW-1800-SDC v.3.0 allows an authenticated attacker to execute arbitrary code via the wget function in the /sbin/cloudadmin.sh component. |
CVE-2023-44061 | 1 Simple And Nice Shopping Cart Script Project | 1 Simple And Nice Shopping Cart Script | 2023-10-10 | N/A | 8.8 HIGH | File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component. |
CVE-2023-38836 | 1 Boidcms | 1 Boidcms | 2023-10-10 | N/A | 8.8 HIGH | File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks. |
CVE-2023-43740 | 1 Projectworlds | 1 Online Book Store Project | 2023-10-06 | N/A | 8.8 HIGH | Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of the admin_edit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. |
CVE-2023-43838 | 1 Personal-management-system | 1 Personal Management System | 2023-10-06 | N/A | 7.8 HIGH | An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar. |
CVE-2023-44974 | 1 Emlog | 1 Emlog | 2023-10-05 | N/A | 9.8 CRITICAL | An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. |
CVE-2023-44973 | 1 Emlog | 1 Emlog | 2023-10-05 | N/A | 9.8 CRITICAL | An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. |
CVE-2023-4817 | 1 Icpdas | 2 Et-7060, Et-7060 Firmware | 2023-10-05 | N/A | 8.8 HIGH | This vulnerability allows an authenticated attacker to upload malicious files by bypassing the restrictions of the upload functionality, compromising the entire device. |
CVE-2023-4097 | 1 Qsige | 1 Qsige | 2023-10-04 | N/A | 8.8 HIGH | The file upload functionality is not implemented correctly and allows uploading of any type of file. As a prerequisite, it is necessary for the attacker to log into the application with a valid username. |