Total
2498 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-6000 | 1 Vtiger | 1 Vtiger Crm | 2024-08-06 | 8.8 High |
| Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/. | ||||
| CVE-2015-5951 | 1 Thomsonreuters | 1 Fatca | 2024-08-06 | 9.9 Critical |
| A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands. | ||||
| CVE-2015-5601 | 1 Edx | 1 Edx-platform | 2024-08-06 | N/A |
| edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files. | ||||
| CVE-2015-4553 | 1 Dedecms | 1 Dedecms | 2024-08-06 | 8.8 High |
| A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users getshell. | ||||
| CVE-2015-4524 | 1 Emc | 5 Documentum Administrator, Documentum Digital Asset Manager, Documentum Taskspace and 2 more | 2024-08-06 | N/A |
| Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server. | ||||
| CVE-2015-4463 | 1 Efrontlearning | 1 Efront | 2024-08-06 | N/A |
| The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL. | ||||
| CVE-2015-4462 | 1 Efrontlearning | 1 Efront | 2024-08-06 | N/A |
| Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file from url" field in the file manager for professor.php. | ||||
| CVE-2015-4455 | 1 Aviary Image Editor Add-on For Gravity Forms Project | 1 Aviary Image Editor Add-on For Gravity Forms | 2024-08-06 | N/A |
| Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary. | ||||
| CVE-2015-3884 | 1 Qdpm | 1 Qdpm | 2024-08-06 | 8.8 High |
| Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/. | ||||
| CVE-2015-2780 | 1 Berta | 1 Berta Cms | 2024-08-06 | N/A |
| Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | ||||
| CVE-2015-1785 | 1 Imagely | 1 Nextgen Gallery | 2024-08-06 | 6.5 Medium |
| In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests. | ||||
| CVE-2015-1784 | 1 Imagely | 1 Nextgen Gallery | 2024-08-06 | 8.8 High |
| In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests. | ||||
| CVE-2015-0702 | 1 Cisco | 1 Unified Meetingplace | 2024-08-06 | N/A |
| Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712. | ||||
| CVE-2015-0258 | 3 Canonical, Debian, O-dyn | 3 Ubuntu Linux, Debian Linux, Collabtive | 2024-08-06 | 8.8 High |
| Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension. | ||||
| CVE-2016-15033 | 1 Delete All Comments Project | 1 Delete All Comments | 2024-08-06 | 9.8 Critical |
| The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the via the delete-all-comments.php file in versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. | ||||
| CVE-2016-11020 | 1 Kunena | 1 Kunena | 2024-08-06 | 9.8 Critical |
| Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution. | ||||
| CVE-2016-10995 | 1 Templatic | 1 Telvolution | 2024-08-06 | 9.8 Critical |
| The Tevolution plugin before 2.3.0 for WordPress has arbitrary file upload via single_upload.php or single-upload.php. | ||||
| CVE-2016-10959 | 1 Estatik | 1 Estatik | 2024-08-06 | 6.5 Medium |
| The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php. | ||||
| CVE-2016-10958 | 1 Estatik | 1 Estatik | 2024-08-06 | 7.5 High |
| The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php. | ||||
| CVE-2016-10954 | 1 Dynamicpress | 1 Neosense | 2024-08-06 | 9.8 Critical |
| The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload. | ||||