Filtered by CWE-434
Total: 2498 CVEs
CVE Vendors Products Updated CVSS v3.1
CVE-2022-36285 1 Uploading Svg, Webp And Ico Files Project 1 Uploading Svg, Webp And Ico Files 2024-09-16 7.2 High
Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.
CVE-2018-1000619 1 Ovidentia 1 Ovidentia 2024-09-16 N/A
Ovidentia version 8.4.3 and earlier contains an Unsanitized User Input vulnerability in utilit.php, bab_getAddonFilePathfromTg, that can result in Authenticated Remote Code Execution. This attack appears to be exploitable by an attacker who has permission to upload addons.
CVE-2017-2737 1 Huawei 2 Vcm5010, Vcm5010 Firmware 2024-09-16 N/A
VCM5010 with software versions earlier than V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate uploaded files. An authenticated attacker could upload arbitrary files to the system.
CVE-2021-39352 1 Catchplugins 1 Catch Themes Demo Import 2024-09-16 7.2 High
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.
CVE-2019-4292 1 Ibm 1 Security Guardium 2024-09-16 8.8 High
IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server. IBM X-Force ID: 160698.
CVE-2021-23814 1 Unisharp 1 Laravel-filemanager 2024-09-16 6.7 Medium
This affects the package unisharp/laravel-filemanager from 0.0.0. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps:
- Install the package in a Laravel web application.
- Navigate to the Upload window.
- Upload an image file, then capture the request.
- Edit the request contents with a malicious file (webshell).
- Enter the path of the uploaded file in the URL.
- Remote Code Execution.
**Note: Prevention for bad extensions can be done by using a whitelist in the config file (lfm.php). The corresponding documentation can be found [here](https://unisharp.github.io/laravel-filemanager/configfolder-categories).
CVE-2023-29384 1 Hmplugin 1 Jobwp 2024-09-16 10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP. This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.0.
CVE-2019-4013 1 Ibm 1 Bigfix Platform 2024-09-16 N/A
IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on the underlying system with root privileges. IBM X-Force ID: 155887.
CVE-2018-1552 1 Ibm 1 Robotic Process Automation With Automation Anywhere 2024-09-16 N/A
IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction in which file types can be uploaded to the control room. By uploading a malicious file and tricking a victim to run it, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 142889.
CVE-2022-1519 1 Illumina 8 Iseq 100, Local Run Manager, Miniseq and 5 more 2024-09-16 10 Critical
LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.
CVE-2021-38346 1 Brizy 1 Brizy-page Builder 2024-09-16 8.8 High
The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizy_create_block_screenshot AJAX action. The file would be named using the id parameter, which could be prepended with "../" to perform directory traversal, and the file contents were populated via the ibsf parameter, which would be base64-decoded and written to the file. While the plugin added a .jpg extension to all uploaded filenames, a double extension attack was still possible, e.g. a file named shell.php would be saved as shell.php.jpg, and would be executable on a number of common configurations.
CVE-2017-11404 1 Cmsmadesimple 1 Cms Made Simple 2024-09-16 N/A
In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php.
CVE-2023-41631 1 Esst 1 Esst Monitoring 2024-09-16 8.8 High
eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the file upload function.
CVE-2021-23562 1 Tiny 1 Plupload 2024-09-16 4.2 Medium
This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.
CVE-2022-20743 1 Cisco 1 Firepower Management Center 2024-09-16 6.5 Medium
A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to bypass security protections and upload malicious files to the affected system. This vulnerability is due to improper validation of files uploaded to the web management interface of Cisco FMC Software. An attacker could exploit this vulnerability by uploading a maliciously crafted file to a device running affected software. A successful exploit could allow the attacker to store malicious files on the device, which they could access later to conduct additional attacks, including executing arbitrary code on the affected device with root privileges.
CVE-2020-29450 1 Atlassian 2 Confluence Data Center, Confluence Server 2024-09-16 6.5 Medium
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0.
CVE-2021-29907 3 Ibm, Linux, Microsoft 3 Openpages With Watson, Linux Kernel, Windows 2024-09-16 8.8 High
IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. IBM X-Force ID: 207633.
CVE-2019-4056 1 Ibm 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more 2024-09-16 4.3 Medium
IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.
CVE-2019-20897 1 Atlassian 4 Jira, Jira Data Center, Jira Server and 1 more 2024-09-16 6.5 Medium
The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1.
CVE-2017-14079 1 Trendmicro 1 Mobile Security 2024-09-16 N/A
Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.