Total
2510 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40204 | 1 Premio | 1 Folders | 2024-08-02 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Premio Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager.This issue affects Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager: from n/a through 2.9.2. | ||||
| CVE-2023-40051 | 1 Progress | 2 Openedge, Openedge Innovation | 2024-08-02 | 9.1 Critical |
| This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload that can further exploit the server or its network, the launch of a larger scale attack may be possible. | ||||
| CVE-2023-39776 | 1 Phpjabbers | 1 Ticket Support Script | 2024-08-02 | 9.8 Critical |
| A File Upload vulnerability in PHPJabbers Ticket Support Script v3.2 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2023-39538 | 1 Ami | 1 Aptio V | 2024-08-02 | 7.5 High |
| AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. | ||||
| CVE-2023-39539 | 1 Ami | 1 Aptio V | 2024-08-02 | 7.5 High |
| AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. | ||||
| CVE-2023-39462 | 2024-08-02 | N/A | ||
| Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability. This vulnerability allows remote attackers to upload arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilitites to execute arbitrary code in the context of root. Was ZDI-CAN-20536. | ||||
| CVE-2023-39463 | 2024-08-02 | N/A | ||
| Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the trusted certification feature. The issue lies in the handling of the OpcUaSecurityCertificateAuthorityTrustDir variable, which allows an arbitrary file write with attacker-controlled data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20537. | ||||
| CVE-2023-39346 | 1 Renjikai | 1 Linuxasmcallgraph | 2024-08-02 | 8.8 High |
| LinuxASMCallGraph is software for drawing the call graph of the programming code. Linux ASMCallGraph before commit 20dba06bd1a3cf260612d4f21547c25002121cd5 allows attackers to cause a remote code execution on the server side via uploading a crafted ZIP file due to incorrect filtering rules of uploaded file. The problem has been patched in commit 20dba06bd1a3cf260612d4f21547c25002121cd5. There are no known workarounds. | ||||
| CVE-2023-39147 | 1 Webkul | 1 Uvdesk | 2024-08-02 | 7.8 High |
| An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file. | ||||
| CVE-2023-39115 | 1 Campcodes | 1 Complete Online Matrimonial Website System Script | 2024-08-02 | 9.8 Critical |
| install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document. | ||||
| CVE-2023-38947 | 1 Wbce | 1 Wbce Cms | 2024-08-02 | 7.2 High |
| An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2023-38874 | 1 Economizzer | 1 Economizzer | 2024-08-02 | 8.8 High |
| A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and execute arbitrary commands. | ||||
| CVE-2023-38915 | 1 Wolf18 | 1 Easyadmin8 | 2024-08-02 | 9.8 Critical |
| File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote attacker to execute arbtirary code via the upload type function. | ||||
| CVE-2023-38836 | 1 Boidcms | 1 Boidcms | 2024-08-02 | 8.8 High |
| File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks. | ||||
| CVE-2024-25925 | 2024-08-02 | 10 Critical | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.This issue affects WooCommerce Easy Checkout Field Editor, Fees & Discounts: from n/a through 3.5.12. | ||||
| CVE-2023-38404 | 1 Veritas | 1 Infoscale Operations Manager | 2024-08-02 | 7.2 High |
| The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server. | ||||
| CVE-2023-38330 | 1 Oxid-esales | 1 Eshop | 2024-08-02 | 5.3 Medium |
| OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create a HTTP Response Splitting attack. | ||||
| CVE-2023-38029 | 1 Saho | 4 Adm-100, Adm-100 Firmware, Adm-100fp and 1 more | 2024-08-02 | 9.8 Critical |
| Saho’s attendance devices ADM100 and ADM-100FP has insufficient filtering for special characters and file type within their file uploading function. A unauthenticate remote attacker authenticated can upload and execute arbitrary files to perform arbitrary system commands or disrupt service. | ||||
| CVE-2023-37839 | 1 Dedecms | 1 Dedecms | 2024-08-02 | 9.8 Critical |
| An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2023-37677 | 1 Pligg | 1 Pligg Cms | 2024-08-02 | 9.8 Critical |
| Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component admin_editor.php. | ||||