Total: 2498 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-48777 | | | 2024-08-07 | 9.9 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder. This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1. | ||||
CVE-2023-23656 | | | 2024-08-07 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension. This issue affects MainWP File Uploader Extension: from n/a through 4.1. | ||||
CVE-2006-2428 | 1 Duware Dubanner Project | 1 Duware Dubanner | 2024-08-07 | N/A |
add.asp in DUware DUbanner 3.1 allows remote attackers to execute arbitrary code by uploading files with arbitrary extensions, such as ASP files, probably due to client-side enforcement that can be bypassed. NOTE: some of these details are obtained from third party information, since the raw source is vague. | ||||
CVE-2024-36396 | 1 Verint | 1 Workforce Optimization | 2024-08-07 | 8.8 High |
Verint - CWE-434: Unrestricted Upload of File with Dangerous Type | ||||
CVE-2024-30231 | | | 2024-08-07 | 9.1 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce. This issue affects Product Import Export for WooCommerce: from n/a through 2.4.1. | ||||
CVE-2010-4661 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Opensuse and 2 more | 2024-08-07 | 7.8 High |
udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. | ||||
CVE-2010-3663 | 1 Typo3 | 1 Typo3 | 2024-08-07 | 8.8 High |
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend. | ||||
CVE-2010-1433 | 1 Joomla | 1 Joomla! | 2024-08-07 | 9.8 Critical |
Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | ||||
CVE-2011-4907 | 1 Joomla | 1 Joomla! | 2024-08-07 | 5.3 Medium |
Joomla! 1.5x through 1.5.12: Missing JEXEC Check | ||||
CVE-2011-4906 | 1 Tiny | 1 Tinybrowser | 2024-08-07 | 9.8 Critical |
Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution. | ||||
CVE-2011-4908 | 1 Tiny | 1 Tinybrowser | 2024-08-07 | 9.8 Critical |
TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php. | ||||
CVE-2011-4334 | 1 Labwiki Project | 1 Labwiki | 2024-08-07 | N/A |
edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the userfile parameter. | ||||
CVE-2011-2933 | 1 Websitebaker | 1 Websitebaker | 2024-08-06 | 7.2 High |
An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions. | ||||
CVE-2011-1597 | 1 Openvas | 1 Openvas Manager | 2024-08-06 | 8.8 High |
OpenVAS Manager v2.0.3 allows plugin remote code execution. | ||||
CVE-2011-1134 | 1 S9y | 1 Serendipity | 2024-08-06 | 9.8 Critical |
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager. | ||||
CVE-2012-6649 | 1 Devfarm | 1 Wp Gpx Maps | 2024-08-06 | 9.8 Critical |
WordPress WP GPX Maps Plugin 1.1.21 allows remote attackers to execute arbitrary PHP code via improper file upload. | ||||
CVE-2012-5190 | 1 Accusoft | 1 Prizm Content Connect | 2024-08-06 | 9.8 Critical |
Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability | ||||
CVE-2012-2950 | 2 Gatewaygeomatics, Microsoft | 2 Mapserver, Windows | 2024-08-06 | 8.1 High |
Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information. | ||||
CVE-2024-6315 | 1 Unitecms | 1 Blox Page Builder | 2024-08-06 | 8.8 High |
The Blox Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handleUploadFile' function in all versions up to, and including, 1.0.65. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
CVE-2012-2226 | 1 Invisioncommunity | 1 Invision Power Board | 2024-08-06 | 9.8 Critical |
Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file. |