Search
Total
1387 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1002000 | 1 Mobile-friendly-app-builder-by-easytouch Project | 1 Mobile-friendly-app-builder-by-easytouch | 2017-09-27 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content. | |||||
| CVE-2014-9619 | 1 Netsweeper | 1 Netsweeper | 2017-09-27 | 6.5 MEDIUM | 7.2 HIGH |
| Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file with a double extension, then accessing it via a direct request to the file in webadmin/deny/images/, as demonstrated by secuid0.php.gif. | |||||
| CVE-2017-14346 | 1 Blog Project | 1 Blog | 2017-09-26 | 7.5 HIGH | 9.8 CRITICAL |
| upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file. | |||||
| CVE-2017-14399 | 1 Blackcat-cms | 1 Blackcat Cms | 2017-09-19 | 6.5 MEDIUM | 8.8 HIGH |
| In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php. | |||||
| CVE-2016-0354 | 1 Ibm | 1 Sametime | 2017-09-07 | 6.0 MEDIUM | 5.5 MEDIUM |
| IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which could be executed with user privileges. IBM X-Force ID: 111893. | |||||
| CVE-2013-7426 | 1 Kamailio | 1 Kamailio | 2017-09-02 | 7.5 HIGH | 9.8 CRITICAL |
| Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1. | |||||
| CVE-2017-14050 | 1 Blackcat-cms | 1 Blackcat Cms | 2017-09-01 | 6.5 MEDIUM | 8.8 HIGH |
| In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file. | |||||
| CVE-2017-3108 | 1 Adobe | 1 Experience Manager | 2017-08-16 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability. | |||||
| CVE-2015-4463 | 1 Efrontlearning | 1 Efront | 2017-08-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL. | |||||
| CVE-2015-4462 | 1 Efrontlearning | 1 Efront | 2017-08-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file from url" field in the file manager for professor.php. | |||||
| CVE-2017-11756 | 1 Earcms | 1 Ear Music | 2017-08-04 | 6.0 MEDIUM | 7.0 HIGH |
| In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=config_upload, and then using user.php/music/add/ to upload the code. | |||||
| CVE-2017-11466 | 1 Dotcms | 1 Dotcms | 2017-07-25 | 9.0 HIGH | 7.2 HIGH |
| Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_upload. This results in arbitrary code execution by requesting the .jsp file at a /assets URI. | |||||
| CVE-2006-5845 | 1 Speedywiki | 1 Speedywiki | 2017-07-20 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 allows remote authenticated users to upload and execute arbitrary PHP code by setting the upload parameter to 1. | |||||
| CVE-2017-4990 | 1 Emc | 1 Avamar Server | 2017-07-07 | 7.5 HIGH | 9.8 CRITICAL |
| In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system. | |||||
| CVE-2017-9840 | 1 Dolibarr | 1 Dolibarr | 2017-06-30 | 6.5 MEDIUM | 8.8 HIGH |
| Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application. | |||||
| CVE-2015-4455 | 1 Aviary Image Editor Add-on For Gravity Forms Project | 1 Aviary Image Editor Add-on For Gravity Forms | 2017-06-08 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary. | |||||
| CVE-2017-9364 | 1 Bigtreecms | 1 Bigtree Cms | 2017-06-06 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code. | |||||
| CVE-2017-9069 | 1 Modx | 1 Modx Revolution | 2017-05-30 | 6.5 MEDIUM | 8.8 HIGH |
| In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess. | |||||
| CVE-2017-7989 | 1 Joomla | 1 Joomla\! | 2017-05-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden. | |||||
| CVE-2017-7281 | 1 Unitrends | 1 Enterprise Backup | 2017-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows for an authenticated user to create a randomly named file on disk with a user-controlled extension, contents, and path, leading to remote code execution, aka Unrestricted File Upload. | |||||
| CVE-2017-7695 | 1 Bigtreecms | 1 Bigtree Cms | 2017-04-17 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code. | |||||
| CVE-2016-8973 | 1 Ibm | 1 Rational Rhapsody Design Manager | 2017-03-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960. | |||||
| CVE-2015-3884 | 1 Qdpm | 1 Qdpm | 2017-03-20 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/. | |||||
| CVE-2015-1000001 | 1 Fast-image-adder Project | 1 Fast-image-adder | 2017-03-07 | 5.0 MEDIUM | 9.8 CRITICAL |
| Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin | |||||
| CVE-2016-8921 | 1 Ibm | 1 Filenet Workplace Xt | 2017-02-13 | 6.5 MEDIUM | 8.8 HIGH |
| IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||||
| CVE-2016-6104 | 1 Ibm | 1 Security Key Lifecycle Manager | 2017-02-13 | 6.5 MEDIUM | 7.2 HIGH |
| IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system. | |||||
| CVE-2016-6124 | 1 Ibm | 1 Kenexa Lms On Cloud | 2017-02-07 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||||
| CVE-2016-7902 | 1 Dotclear | 1 Dotclear | 2017-01-07 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstrated by .php.txt or .php%20. | |||||
| CVE-2015-0702 | 1 Cisco | 1 Unified Meetingplace | 2017-01-06 | 9.0 HIGH | N/A |
| Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712. | |||||
| CVE-2015-4524 | 1 Emc | 5 Documentum Administrator, Documentum Digital Asset Manager, Documentum Taskspace and 2 more | 2016-12-28 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server. | |||||
| CVE-2016-9186 | 1 Moodle | 1 Moodle | 2016-11-29 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. | |||||
| CVE-2016-9187 | 1 Moodle | 1 Moodle | 2016-11-29 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. | |||||
| CVE-2016-9268 | 1 Dotclear | 1 Dotclear | 2016-11-29 | 9.0 HIGH | 7.2 HIGH |
| Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with an zip extension, and then accessing it via unspecified vectors. | |||||
| CVE-2016-5050 | 1 Readydesk | 1 Readydesk | 2016-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary code by uploading and requesting a .aspx file. | |||||
| CVE-2016-2914 | 1 Ibm | 1 Rational Publishing Engine | 2016-11-28 | 5.5 MEDIUM | 5.4 MEDIUM |
| Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specifying an unexpected file extension. | |||||
| CVE-2015-1000013 | 1 Csv2wpec-coupon Project | 1 Csv2wpec-coupon | 2016-11-28 | 5.0 MEDIUM | 7.8 HIGH |
| Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1 | |||||
| CVE-2015-1000000 | 1 Mailcwp Project | 1 Mailcwp | 2016-10-27 | 5.0 MEDIUM | 9.8 CRITICAL |
| Remote file upload vulnerability in mailcwp v1.99 wordpress plugin | |||||