Total: 2496 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-24350 | 1 Softwarepublico | 1 E-sic Livre | 2024-08-01 | 8.8 High |
File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and before allows a remote attacker to execute arbitrary code via the extension filtering component. | ||||
CVE-2024-24399 | 1 Lepton-cms | 1 Leptoncms | 2024-08-01 | 7.2 High |
An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area. | ||||
CVE-2024-24393 | 1 Oaooa | 1 Pichome | 2024-08-01 | 9.8 Critical |
File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request. | ||||
CVE-2024-24025 | 1 Xxyopen | 1 Novel-plus | 2024-08-01 | 9.8 Critical |
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download. | ||||
CVE-2024-24026 | 1 Xxyopen | 1 Novel-plus | 2024-08-01 | 9.8 Critical |
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download. | ||||
CVE-2024-24000 | 1 Huaxiaerp | 1 Jsherp | 2024-08-01 | 9.8 Critical |
jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulting in arbitrary file uploads with controllable paths. | ||||
CVE-2024-23759 | 1 Gambio | 1 Gambio | 2024-08-01 | 9.8 Critical |
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via the "search" parameter of the Parcelshopfinder/AddAddressBookEntry function. | ||||
CVE-2024-23630 | 1 Motorola | 2 Mr2600, Mr2600 Firmware | 2024-08-01 | 9 Critical |
An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is required; however, it can be bypassed. | ||||
CVE-2024-23534 | | | 2024-08-01 | N/A |
An Unrestricted File-upload vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | ||||
CVE-2024-22895 | 1 Dedecms | 1 Dedecms | 2024-08-01 | 8.8 High |
DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php. | ||||
CVE-2024-22641 | | | 2024-08-01 | 7.5 High |
TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file. | ||||
CVE-2024-22567 | 1 Mingsoft | 1 Mcms | 2024-08-01 | 8.8 High |
File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do. | ||||
CVE-2024-22515 | 1 Ispyconnect | 1 Agent Dvr | 2024-08-01 | 8.8 High |
Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component. | ||||
CVE-2024-22393 | | | 2024-08-01 | 9.1 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. A Pixel Flood Attack that uploads large pixel files will cause the server to run out of memory. A logged-in user can cause such an attack by uploading an image when posting content. Users are recommended to upgrade to version [1.2.5], which fixes the issue. | ||||
CVE-2024-22263 | | | 2024-08-01 | 8.8 High |
Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization of the upload path, a malicious user who has access to the Skipper server API can use a crafted upload request to write an arbitrary file to any location on the file system, and may even compromise the server. | ||||
CVE-2024-22135 | 1 Webtoffee | 1 Order Export & Order Import For Woocommerce | 2024-08-01 | 8 High |
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce. This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.3. | ||||
CVE-2024-22152 | 1 Webtoffee | 1 Product Import Export For Woocommerce | 2024-08-01 | 8 High |
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce. This issue affects Product Import Export for WooCommerce: from n/a through 2.3.7. | ||||
CVE-2024-6647 | 1 Croogo | 1 Croogo | 2024-08-01 | 4.7 Medium |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Croogo up to 4.0.7. This affects an unknown part of the file admin/settings/settings/prefix/Theme of the component Setting Handler. The manipulation of the argument Content-Type leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271053 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
CVE-2024-6220 | 1 Keydatas | 1 Keydatas | 2024-08-01 | 9.8 Critical |
The 简数采集器 (Keydatas) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatas_downloadImages function in all versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
CVE-2024-20296 | | | 2024-08-01 | 4.7 Medium |
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this vulnerability, an attacker would need at least valid Policy Admin credentials on the affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root. |