Total
2495 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-40981 | 1 Etictelecom | 14 Ras-c-100-lw, Ras-e-100, Ras-e-220 and 11 more | 2024-09-17 | 5.9 Medium |
| All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device. | ||||
| CVE-2011-4183 | 1 Opensuse | 1 Open Build Service | 2024-09-17 | N/A |
| A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16. | ||||
| CVE-2021-44159 | 1 4mosan | 1 Gcb Doctor | 2024-09-17 | 9.8 Critical |
| 4MOSAn GCB Doctor’s file upload function has improper user privilege control. A remote attacker can upload arbitrary files including webshell files without authentication and execute arbitrary code in order to perform arbitrary system operations or deny of service attack. | ||||
| CVE-2015-0796 | 1 Opensuse | 1 Open Buildservice | 2024-09-16 | N/A |
| In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on the source service. | ||||
| CVE-2019-9612 | 1 Ofcms Project | 1 Ofcms | 2024-09-16 | N/A |
| An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/upload URI. | ||||
| CVE-2019-5009 | 1 Vtiger | 1 Vtiger Crm | 2024-09-16 | 7.2 High |
| Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "<? ?>" tags, as demonstrated by a CompanyDetailsSave action. This bypasses the bad-file-extensions protection mechanism. It is related to actions/CompanyDetailsSave.php, actions/UpdateCompanyLogo.php, and models/CompanyDetails.php. | ||||
| CVE-2019-0017 | 1 Juniper | 1 Junos Space | 2024-09-16 | N/A |
| The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1. | ||||
| CVE-2018-1000646 | 1 Librehealth | 1 Librehealth Ehr | 2024-09-16 | N/A |
| LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution. | ||||
| CVE-2022-3575 | 1 Frauscher | 1 Frauscher Diagnostic System 102 | 2024-09-16 | 9.8 Critical |
| Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device. | ||||
| CVE-2017-9069 | 1 Modx | 1 Modx Revolution | 2024-09-16 | N/A |
| In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess. | ||||
| CVE-2005-1881 | 1 Yapig | 1 Yapig | 2024-09-16 | N/A |
| upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code. | ||||
| CVE-2017-7429 | 2 Microfocus, Netiq | 2 Edirectory, Edirectory | 2024-09-16 | N/A |
| The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server. | ||||
| CVE-2017-12617 | 6 Apache, Canonical, Debian and 3 more | 60 Tomcat, Ubuntu Linux, Debian Linux and 57 more | 2024-09-16 | 8.1 High |
| When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. | ||||
| CVE-2018-10521 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-09-16 | N/A |
| In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory. | ||||
| CVE-2020-7864 | 1 Dext5 | 1 Dext5 Editor | 2024-09-16 | 7.8 High |
| Parameter manipulation can bypass authentication to cause file upload and execution. This will execute the remote code. This issue affects: Raonwiz DEXT5Editor versions prior to 3.5.1405747.1100.03. | ||||
| CVE-2018-1000658 | 1 Limesurvey | 1 Limesurvey | 2024-09-16 | N/A |
| LimeSurvey version prior to 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. This attack appear to be exploitable via an authenticated user uploading a zip archive which can contains malicious php files that can be called under certain circumstances. This vulnerability appears to have been fixed in after commit 91d143230eb357260a19c8424b3005deb49a47f7 / version 3.14.4. | ||||
| CVE-2022-38140 | 1 Squirrly | 1 Seo Plugin By Squirrly Seo | 2024-09-16 | 7.6 High |
| Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly SEO plugin <= 12.1.10 on WordPress. | ||||
| CVE-2022-28700 | 1 Givewp | 1 Givewp | 2024-09-16 | 9.1 Critical |
| Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. | ||||
| CVE-2022-41681 | 1 Formalms | 1 Formalms | 2024-09-16 | 9.9 Critical |
| There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection. | ||||
| CVE-2022-40217 | 1 Xplodedthemes | 1 Wpide | 2024-09-16 | 6.5 Medium |
| Authenticated (admin+) Arbitrary File Edit/Upload vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress. | ||||