Total
3886 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-9840 | 1 Dolibarr | 1 Dolibarr | 2025-04-20 | N/A |
| Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application. | ||||
| CVE-2017-9650 | 2 Automatedlogic, Carrier | 3 I-vu, Sitescan Web, Automatedlogic Webctrl | 2025-04-20 | N/A |
| An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to upload a malicious file allowing the execution of arbitrary code. | ||||
| CVE-2017-14399 | 1 Blackcat-cms | 1 Blackcat Cms | 2025-04-20 | N/A |
| In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php. | ||||
| CVE-2017-1000238 | 1 Invoiceplane | 1 Invoiceplane | 2025-04-20 | N/A |
| InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver. | ||||
| CVE-2017-11154 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
| Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter. | ||||
| CVE-2015-2780 | 1 Berta | 1 Berta Cms | 2025-04-20 | N/A |
| Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | ||||
| CVE-2016-8921 | 1 Ibm | 1 Filenet Workplace Xt | 2025-04-20 | N/A |
| IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | ||||
| CVE-2014-9312 | 1 10web | 1 Photo Gallery | 2025-04-20 | N/A |
| Unrestricted File Upload vulnerability in Photo Gallery 1.2.5. | ||||
| CVE-2017-1000119 | 1 Octobercms | 1 October | 2025-04-20 | N/A |
| October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server. | ||||
| CVE-2017-9069 | 1 Modx | 1 Modx Revolution | 2025-04-20 | N/A |
| In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess. | ||||
| CVE-2017-12929 | 1 Tecnovision | 1 Dlx Spot Player4 | 2025-04-20 | N/A |
| Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. | ||||
| CVE-2014-2664 | 1 X2engine | 1 X2crm | 2025-04-20 | N/A |
| Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | ||||
| CVE-2017-16949 | 1 Accesspressthemes | 1 Anonymous Post Pro | 2025-04-20 | N/A |
| An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php and file-uploader/file-uploader-class.php. This allows the attacker to upload anything they want to the server, as demonstrated by an action=ap_file_upload_action&allowedExtensions[]=php request to /wp-admin/admin-ajax.php that results in a .php file upload and resultant PHP code execution. | ||||
| CVE-2013-7426 | 1 Kamailio | 1 Kamailio | 2025-04-20 | N/A |
| Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1. | ||||
| CVE-2017-4990 | 1 Emc | 1 Avamar Server | 2025-04-20 | N/A |
| In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system. | ||||
| CVE-2017-13982 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2025-04-20 | N/A |
| A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. | ||||
| CVE-2017-5520 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | N/A |
| The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions. | ||||
| CVE-2017-14704 | 1 Claydip | 1 Airbnb Clone | 2025-04-20 | N/A |
| Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile. | ||||
| CVE-2017-8080 | 1 Atlassian | 1 Hipchat Server | 2025-04-20 | N/A |
| Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads. | ||||
| CVE-2015-4455 | 1 Aviary Image Editor Add-on For Gravity Forms Project | 1 Aviary Image Editor Add-on For Gravity Forms | 2025-04-20 | N/A |
| Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary. | ||||