Total
2498 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-1592 | 1 Apache | 1 Struts | 2024-08-06 | 8.8 High |
A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files. | ||||
CVE-2024-0916 | 2024-08-06 | 10 Critical | ||
Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3. | ||||
CVE-2023-27440 | 2024-08-06 | 7.2 High | ||
Unrestricted Upload of File with Dangerous Type vulnerability in OnTheGoSystems Types.This issue affects Types: from n/a through 3.4.17. | ||||
CVE-2023-38388 | 2024-08-06 | 9 Critical | ||
Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.This issue affects JupiterX Core: from n/a through 3.3.5. | ||||
CVE-2013-20002 | 1 Themify | 1 Framework | 2024-08-06 | 9.8 Critical |
Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file. | ||||
CVE-2013-7426 | 1 Kamailio | 1 Kamailio | 2024-08-06 | N/A |
Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1. | ||||
CVE-2013-7390 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-08-06 | 9.8 Critical |
Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot. | ||||
CVE-2013-6358 | 1 Prestashop | 1 Prestashop | 2024-08-06 | 8.8 High |
PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory. | ||||
CVE-2013-6234 | 1 Eng | 1 Spagobi | 2024-08-06 | 8.0 High |
Unrestricted file upload vulnerability in the Worksheet designer in SpagoBI before 4.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, aka "XSS File Upload." | ||||
CVE-2013-4796 | 1 Reviewboard | 1 Reviewboard | 2024-08-06 | 8.8 High |
ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request | ||||
CVE-2024-7484 | 1 Crmperks | 1 Crm Perks Forms | 2024-08-06 | 7.2 High |
The CRM Perks Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'handle_uploaded_files' function in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
CVE-2013-3684 | 1 Imagely | 1 Nextgen Gallery | 2024-08-06 | 9.8 Critical |
NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload | ||||
CVE-2013-3591 | 1 Vtiger | 1 Vtiger Crm | 2024-08-06 | 8.8 High |
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability | ||||
CVE-2023-49815 | 2024-08-06 | 10 Critical | ||
Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 5.0.3. | ||||
CVE-2013-2748 | 1 Belkin | 2 Wemo Switch, Wemo Switch Firmware | 2024-08-06 | 9.8 Critical |
Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote attackers to upload arbitrary files onto the system. | ||||
CVE-2013-2057 | 1 Yabb | 1 Yabb | 2024-08-06 | 9.8 Critical |
YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability | ||||
CVE-2013-1916 | 1 User Photo Project | 1 User Photo | 2024-08-06 | 8.8 High |
In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved. | ||||
CVE-2023-47873 | 2024-08-06 | 9.1 Critical | ||
Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.This issue affects WP Child Theme Generator: from n/a through 1.0.9. | ||||
CVE-2023-47846 | 2024-08-06 | 9.1 Critical | ||
Unrestricted Upload of File with Dangerous Type vulnerability in Terry Lin WP Githuber MD.This issue affects WP Githuber MD: from n/a through 1.16.2. | ||||
CVE-2023-47842 | 2024-08-06 | 9.1 Critical | ||
Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0. |