Total
2498 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-39040 | 1 Ibm | 1 Planning Analytics Workspace | 2024-09-16 | 8.0 High |
| IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 214025. | ||||
| CVE-2018-19420 | 1 Get-simple | 1 Getsimple Cms | 2024-09-16 | N/A |
| In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. | ||||
| CVE-2021-34624 | 1 Properfraction | 1 Profilepress | 2024-09-16 | 9.8 Critical |
| A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3. . | ||||
| CVE-2021-23280 | 1 Eaton | 3 Intelligent Power Manager, Intelligent Power Manager Virtual Appliance, Intelligent Power Protector | 2024-09-16 | 8 High |
| Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. IPM’s maps_srv.js allows an attacker to upload a malicious NodeJS file using uploadBackgroud action. An attacker can upload a malicious code or execute any command using a specially crafted packet to exploit the vulnerability. | ||||
| CVE-2018-18874 | 1 Nconsulting | 1 Nc-cms | 2024-09-16 | N/A |
| nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload URI. | ||||
| CVE-2019-4612 | 1 Ibm | 1 Planning Analytics | 2024-09-16 | 8.8 High |
| IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523. | ||||
| CVE-2018-1000839 | 1 Librehealth | 1 Librehealth Ehr | 2024-09-16 | N/A |
| LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type. | ||||
| CVE-2019-9608 | 1 Ofcms Project | 1 Ofcms | 2024-09-16 | N/A |
| An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadImage URI. | ||||
| CVE-2019-1888 | 1 Cisco | 2 Unified Contact Center Express, Unified Ip Interactive Voice Response | 2024-09-16 | 7.2 High |
| A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid Administrator credentials. The vulnerability is due to insufficient restrictions for the content uploaded to an affected system. An attacker could exploit this vulnerability by uploading arbitrary files containing operating system commands that will be executed by an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the web interface and then elevate their privileges to root. | ||||
| CVE-2018-18888 | 1 Laravelcms Project | 1 Laravelcms | 2024-09-16 | N/A |
| An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed. | ||||
| CVE-2019-7721 | 1 Nconsulting | 1 Nc-cms | 2024-09-16 | N/A |
| lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters. | ||||
| CVE-2020-4588 | 2 Ibm, Microsoft | 2 I2 Ibase, Windows | 2024-09-16 | 7.8 High |
| IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 184579. | ||||
| CVE-2024-7732 | 1 Secom | 1 Dr.id Attendance System | 2024-09-16 | 9.8 Critical |
| Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents. | ||||
| CVE-2018-1453 | 1 Ibm | 1 Security Identity Manager | 2024-09-16 | N/A |
| IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. IBM X-Force ID: 140055. | ||||
| CVE-2018-1342 | 1 Netiq | 1 Access Manager | 2024-09-16 | N/A |
| A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console. | ||||
| CVE-2022-22392 | 1 Ibm | 1 Planning Analytics Workspace | 2024-09-16 | 7.8 High |
| IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 222066. | ||||
| CVE-2020-29032 | 1 Secomea | 2 Gatemanager 8250, Gatemanager 8250 Firmware | 2024-09-16 | 8.4 High |
| Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManager all versions prior to 9.4.621054022 | ||||
| CVE-2020-4703 | 1 Ibm | 1 Spectrum Protect Plus | 2024-09-16 | 8.0 High |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188. | ||||
| CVE-2017-7695 | 1 Bigtreecms | 1 Bigtree Cms | 2024-09-16 | N/A |
| Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code. | ||||
| CVE-2024-28166 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2024-09-16 | 3.7 Low |
| SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. | ||||