Total
2498 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-10087 | 1 Upthemes | 1 Designfolio-plus | 2024-08-06 | 6.3 Medium |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 53f6ae62878076f99718e5feb589928e83c879a9. It is recommended to apply a patch to fix this issue. The identifier VDB-221809 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2015-1000001 | 1 Fast-image-adder Project | 1 Fast-image-adder | 2024-08-06 | N/A |
| Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin | ||||
| CVE-2015-1000013 | 1 Csv2wpec-coupon Project | 1 Csv2wpec-coupon | 2024-08-06 | N/A |
| Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1 | ||||
| CVE-2015-1000000 | 1 Mailcwp Project | 1 Mailcwp | 2024-08-06 | N/A |
| Remote file upload vulnerability in mailcwp v1.99 wordpress plugin | ||||
| CVE-2015-9499 | 1 Themepunch | 1 Showbiz Pro | 2024-08-06 | 9.8 Critical |
| The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive. | ||||
| CVE-2015-9479 | 1 Advancedcustomfields | 1 Acf Fronted Display | 2024-08-06 | 9.8 Critical |
| The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php. | ||||
| CVE-2015-9471 | 1 Digitalzoomstudio | 1 Zoomsounds | 2024-08-06 | 9.8 Critical |
| The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload. | ||||
| CVE-2015-9402 | 1 Usersultra | 1 Users Ultra Membership | 2024-08-06 | 8.8 High |
| The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload. | ||||
| CVE-2015-9339 | 1 Iptanus | 1 Wordpress File Upload | 2024-08-06 | N/A |
| The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files. | ||||
| CVE-2015-9341 | 1 Iptanus | 1 Wordpress File Upload | 2024-08-06 | N/A |
| The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files. | ||||
| CVE-2015-9338 | 1 Iptanus | 1 Wordpress File Upload | 2024-08-06 | N/A |
| The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files. | ||||
| CVE-2015-9340 | 1 Iptanus | 1 Wordpress File Upload | 2024-08-06 | N/A |
| The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files. | ||||
| CVE-2015-9263 | 1 Idera | 1 Uptime Infrastructure Monitor | 2024-08-06 | N/A |
| An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands. | ||||
| CVE-2015-9259 | 1 Docker | 1 Notary | 2024-08-06 | N/A |
| In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json file. | ||||
| CVE-2015-9271 | 1 Videowhisper | 1 Video Conference | 2024-08-06 | N/A |
| The VideoWhisper videowhisper-video-conference-integration plugin 4.91.8 for WordPress allows remote attackers to execute arbitrary code because vc/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code, a different vulnerability than CVE-2014-1905. | ||||
| CVE-2015-9228 | 1 Imagely | 1 Nextgen Gallery | 2024-08-06 | N/A |
| In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php. | ||||
| CVE-2015-8249 | 1 Manageengine | 1 Desktop Central | 2024-08-06 | N/A |
| The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter. | ||||
| CVE-2015-7571 | 1 Yeager | 1 Yeager Cms | 2024-08-06 | N/A |
| Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. | ||||
| CVE-2015-7339 | 1 Widgetfactorylimited | 1 Jce | 2024-08-06 | 8.8 High |
| JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an image file to the /com_jce/editor/libraries/classes/browser.php script. | ||||
| CVE-2015-7341 | 1 Joobi | 1 Jnews | 2024-08-06 | 8.8 High |
| JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension. | ||||