Total
2957 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-28890 | 2 Incsub, Wpmudev | 2 Forminator, Broken Link Checker | 2025-04-04 | 5.3 Medium |
| Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may obtain sensitive information by accessing files on the server, alter the site that uses the plugin, and cause a denial-of-service (DoS) condition. | ||||
| CVE-2021-26642 | 2 Microsoft, Xpressengine | 2 Windows, Xpressengine | 2025-04-03 | 8.8 High |
| When uploading an image file to a bulletin board developed with XpressEngine, a vulnerability in which an arbitrary file can be uploaded due to insufficient verification of the file. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running. | ||||
| CVE-2022-47766 | 1 Popojicms | 1 Popojicms | 2025-04-03 | 8.8 High |
| PopojiCMS v2.0.1 backend plugin function has a file upload vulnerability. | ||||
| CVE-2001-0901 | 1 Hypermail Development | 1 Hypermail | 2025-04-03 | N/A |
| Hypermail allows remote attackers to execute arbitrary commands on a server supporting SSI via an attachment with a .shtml extension, which is archived on the server and can then be executed by requesting the URL for the attachment. | ||||
| CVE-1999-0036 | 1 Sgi | 1 Irix | 2025-04-03 | 8.4 High |
| IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files. | ||||
| CVE-2001-0340 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | N/A |
| An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically. | ||||
| CVE-2006-4471 | 1 Joomla | 1 Joomla\! | 2025-04-03 | N/A |
| The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors. | ||||
| CVE-2006-2428 | 1 Duware Dubanner Project | 1 Duware Dubanner | 2025-04-03 | N/A |
| add.asp in DUware DUbanner 3.1 allows remote attackers to execute arbitrary code by uploading files with arbitrary extensions, such as ASP files, probably due to client-side enforcement that can be bypassed. NOTE: some of these details are obtained from third party information, since the raw source is vague. | ||||
| CVE-2005-3288 | 1 Rockliffe | 1 Mailsite Express | 2025-04-03 | N/A |
| Mailsite Express allows remote attackers to upload and execute files with executable extensions such as ASP by attaching the file using the "compose page" feature, then accessing the file from the cache directory before saving or sending the message. | ||||
| CVE-2005-0254 | 1 Guillaumegardey | 1 Biborb | 2025-04-03 | 3.7 Low |
| BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those files. | ||||
| CVE-2006-4558 | 1 Deluxebb | 1 Deluxebb | 2025-04-03 | N/A |
| DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php. | ||||
| CVE-2005-1868 | 1 Yvesglodt | 1 I-man | 2025-04-03 | N/A |
| I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension. | ||||
| CVE-2005-1881 | 1 Yapig | 1 Yapig | 2025-04-03 | N/A |
| upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code. | ||||
| CVE-2004-2262 | 1 E107 | 1 E107 | 2025-04-03 | N/A |
| ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php. | ||||
| CVE-2002-1841 | 1 Noguska | 1 Nola | 2025-04-03 | N/A |
| The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4. | ||||
| CVE-2001-1099 | 2 Microsoft, Symantec | 2 Exchange Server, Norton Antivirus | 2025-04-03 | N/A |
| The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice. | ||||
| CVE-2021-27860 | 1 Fatpipeinc | 6 Ipvpn, Ipvpn Firmware, Mpvpn and 3 more | 2025-04-02 | 9.8 Critical |
| A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006. | ||||
| CVE-2024-25274 | 1 Xxyopen | 1 Novel-plus | 2025-04-02 | 9.8 Critical |
| An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-22824 | 1 Auntvt | 1 Timo | 2025-04-02 | 9.8 Critical |
| An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component. | ||||
| CVE-2016-3088 | 2 Apache, Redhat | 3 Activemq, Jboss Amq, Jboss Fuse | 2025-04-02 | 9.8 Critical |
| The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. | ||||