Total
3886 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-8921 | 1 Ibm | 1 Filenet Workplace Xt | 2025-04-20 | N/A |
| IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | ||||
| CVE-2017-6027 | 1 Codesys | 1 Web Server | 2025-04-20 | N/A |
| An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution. | ||||
| CVE-2016-6124 | 1 Ibm | 1 Kenexa Lms On Cloud | 2025-04-20 | N/A |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | ||||
| CVE-2017-14704 | 1 Claydip | 1 Airbnb Clone | 2025-04-20 | N/A |
| Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile. | ||||
| CVE-2015-7571 | 1 Yeager | 1 Yeager Cms | 2025-04-20 | N/A |
| Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. | ||||
| CVE-2017-3108 | 1 Adobe | 1 Experience Manager | 2025-04-20 | N/A |
| Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability. | ||||
| CVE-2017-2737 | 1 Huawei | 2 Vcm5010, Vcm5010 Firmware | 2025-04-20 | N/A |
| VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system. | ||||
| CVE-2015-3884 | 1 Qdpm | 1 Qdpm | 2025-04-20 | 8.8 High |
| Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/. | ||||
| CVE-2017-16941 | 1 Octobercms | 1 October | 2025-04-20 | N/A |
| October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file and a .htaccess file. NOTE: the vendor says "I don't think [an attacker able to login to the system under an account that has access to manage/upload themes] is a threat model that we need to be considering. | ||||
| CVE-2017-15990 | 1 Savsofteproducts | 1 Phpinventory | 2025-04-20 | 9.8 Critical |
| Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/. | ||||
| CVE-2017-15962 | 1 Istock Management System Project | 1 Istock Management System | 2025-04-20 | N/A |
| iStock Management System 1.0 allows Arbitrary File Upload via user/profile. | ||||
| CVE-2017-15957 | 1 Ingenious School Management System Project | 1 Ingenious School Management System | 2025-04-20 | N/A |
| my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file. | ||||
| CVE-2017-1002001 | 1 Mobile-app-builder-by-wappress Project | 1 Mobile-app-builder-by-wappress | 2025-04-20 | N/A |
| Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. | ||||
| CVE-2017-14958 | 1 Pivotx | 1 Pivotx | 2025-04-20 | N/A |
| lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file. | ||||
| CVE-2017-14839 | 1 Teamworktec | 1 Photo Fusion | 2025-04-20 | N/A |
| TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover. | ||||
| CVE-2017-14838 | 1 Teamworktec | 1 Job Links | 2025-04-20 | N/A |
| TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange. | ||||
| CVE-2017-14079 | 1 Trendmicro | 1 Mobile Security | 2025-04-20 | N/A |
| Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | ||||
| CVE-2017-14050 | 1 Blackcat-cms | 1 Blackcat Cms | 2025-04-20 | N/A |
| In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file. | ||||
| CVE-2017-17987 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2025-04-20 | N/A |
| PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php. | ||||
| CVE-2017-9101 | 1 Playsms | 1 Playsms | 2025-04-20 | N/A |
| import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file. | ||||