Total
2510 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-34660 | 1 Jeecg | 1 Jeecg Boot | 2024-08-02 | 6.5 Medium |
jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface. | ||||
CVE-2023-32637 | 1 Gmod | 1 Gbrowse | 2024-08-02 | 9.8 Critical |
GBrowse accepts files with any formats uploaded and places them in the area accessible through unauthenticated web requests. Therefore, anyone who can upload files through the product may execute arbitrary code on the server. | ||||
CVE-2023-34394 | 1 Keysight | 1 Geolocation Server | 2024-08-02 | 7.8 High |
In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition. | ||||
CVE-2023-34385 | 1 Akshaymenariya | 1 Export Import Menus | 2024-08-02 | 9.9 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Akshay Menariya Export Import Menus.This issue affects Export Import Menus: from n/a through 1.8.0. | ||||
CVE-2023-29386 | 2024-08-02 | 9.1 Critical | ||
Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon.This issue affects Manager for Icomoon: from n/a through 2.0. | ||||
CVE-2023-34193 | 1 Zimbra | 1 Collaboration | 2024-08-02 | 8.8 High |
File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function. | ||||
CVE-2023-34126 | 1 Sonicwall | 2 Analytics, Global Management System | 2024-08-02 | 8.8 High |
Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | ||||
CVE-2023-34136 | 1 Sonicwall | 2 Analytics, Global Management System | 2024-08-02 | 9.8 Critical |
Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the attacker. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | ||||
CVE-2023-34007 | 1 Wpchill | 1 Download Monitor | 2024-08-02 | 9.9 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.3. | ||||
CVE-2023-33930 | 2024-08-02 | 9.1 Critical | ||
Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Code Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.66. | ||||
CVE-2023-33601 | 1 Phpok | 1 Phpok | 2024-08-02 | 8.8 High |
An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2023-33569 | 1 Faculty Evaluation System Project | 1 Faculty Evaluation System | 2024-08-02 | 7.2 High |
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via ip/eval/ajax.php?action=update_user. | ||||
CVE-2023-33508 | 1 Kramerav | 2 Via Go2, Via Go2 Firmware | 2024-08-02 | 9.8 Critical |
KramerAV VIA GO² < 4.0.1.1326 is vulnerable to unauthenticated file upload resulting in Remote Code Execution (RCE). | ||||
CVE-2023-33493 | 1 Ajaxmanager Project | 1 Ajaxmanager | 2024-08-02 | 9.8 Critical |
An Unrestricted Upload of File with Dangerous Type vulnerability in the Ajaxmanager File and Database explorer (ajaxmanager) module for PrestaShop through 2.3.0, allows remote attackers to upload dangerous files without restrictions. | ||||
CVE-2023-33404 | 1 Blogengine | 1 Blogengine.net | 2024-08-02 | 9.8 Critical |
An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and earlier allows remote attackers to execute remote code. | ||||
CVE-2023-33498 | 1 Alist Project | 1 Alist | 2024-08-02 | 8.8 High |
alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file. | ||||
CVE-2023-33386 | 1 Marsctf Project | 1 Marsctf | 2024-08-02 | 9.8 Critical |
MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interface for uploading attachments in the background. | ||||
CVE-2023-33318 | 1 Woocommerce | 1 Automatewoo | 2024-08-02 | 9.9 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.40. | ||||
CVE-2023-33253 | 1 Agilebio | 1 Labcollector | 2024-08-02 | 8.8 High |
LabCollector 6.0 though 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file (such as shell.jpg.php.shell) being sent. | ||||
CVE-2023-32757 | 1 Edetw | 1 U-office Force | 2024-08-02 | 9.8 Critical |
e-Excellence U-Office Force file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker without logging the service can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service. |