Total: 2367 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-43436 | 1 Easy Test Project | 1 Easy Test | 2023-01-09 | N/A | 8.8 HIGH |
The File Upload function of EasyTest has insufficient filtering for special characters and file type. A remote attacker authenticated as a general user can upload and execute arbitrary files, to manipulate system or disrupt service. | |||||
CVE-2022-4732 | 1 Microweber | 1 Microweber | 2023-01-05 | N/A | 7.2 HIGH |
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2. | |||||
CVE-2022-46102 | 1 Ayacms Project | 1 Ayacms | 2023-01-05 | N/A | 9.8 CRITICAL |
AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/admin/fst_down.inc.php | |||||
CVE-2022-45427 | 1 Dahuasecurity | 8 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 5 more | 2023-01-05 | N/A | 7.2 HIGH |
Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can upload arbitrary files. | |||||
CVE-2022-45896 | 1 Planetestream | 1 Planet Estream | 2023-01-04 | N/A | 9.8 CRITICAL |
Planet eStream before 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video / Related Media or Upload Document. Upload2.ashx can be used, or Ajax.asmx/ProcessUpload2. This leads to remote code execution. | |||||
CVE-2022-45966 | 1 Classcms Project | 1 Classcms | 2023-01-03 | N/A | 9.8 CRITICAL |
There is an arbitrary file upload vulnerability in the file management function module of Classcms3.5. | |||||
CVE-2022-4665 | 1 Ampache | 1 Ampache | 2022-12-30 | N/A | 8.8 HIGH |
Unrestricted Upload of File with Dangerous Type in GitHub repository ampache/ampache prior to 5.5.6. | |||||
CVE-2022-46493 | 1 Nbnbk Project | 1 Nbnbk | 2022-12-30 | N/A | 9.8 CRITICAL |
Default version of nbnbk was discovered to contain an arbitrary file upload vulnerability via the component /api/User/download_img. | |||||
CVE-2022-0517 | 1 Mozilla | 1 Vpn | 2022-12-29 | N/A | 7.8 HIGH |
Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vulnerability affects Mozilla VPN < 2.7.1. | |||||
CVE-2022-46020 | 1 Wbce | 1 Wbce Cms | 2022-12-29 | N/A | 9.8 CRITICAL |
WBCE CMS v1.5.4 can implement getshell by modifying the upload file type. | |||||
CVE-2022-46135 | 1 Aerocms Project | 1 Aerocms | 2022-12-22 | N/A | 7.2 HIGH |
In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post, through which we can upload a webshell and control the web server. | |||||
CVE-2022-45338 | 1 Exactsoftware | 1 Exact Synergy | 2022-12-21 | N/A | 7.8 HIGH |
An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file. | |||||
CVE-2020-20588 | 1 Ibarn Project | 1 Ibarn | 2022-12-20 | N/A | 8.8 HIGH |
File upload vulnerability in function upload in action/Core.class.php in zhimengzhe iBarn 1.5 allows remote attackers to run arbitrary code via avatar upload to index.php. | |||||
CVE-2022-41267 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2022-12-15 | N/A | 8.8 HIGH |
SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling the attacker to take full control of the system causing a high impact on confidentiality, integrity, and availability of the application. | |||||
CVE-2022-45275 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2022-12-15 | N/A | 7.2 HIGH |
An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-45968 | 1 Alist Project | 1 Alist | 2022-12-14 | N/A | 8.8 HIGH |
Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one). | |||||
CVE-2022-45759 | 1 Sens Project | 1 Sens | 2022-12-12 | N/A | 8.8 HIGH |
SENS v1.0 has a file upload vulnerability. | |||||
CVE-2022-46828 | 2 Apple, Jetbrains | 2 Macos, Intellij Idea | 2022-12-12 | N/A | 7.8 HIGH |
In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible. | |||||
CVE-2019-4056 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2022-12-09 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565. | |||||
CVE-2019-4069 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2022-12-09 | 6.5 MEDIUM | 8.8 HIGH |
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content. IBM X-Force ID: 157014. | |||||