Total
3199 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5185 | 1 Projectworlds | 1 Gym Management System Project | 2024-11-21 | 9.1 Critical |
| Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of profile/i.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | ||||
| CVE-2023-5154 | 1 Dlink | 2 Dar-8000, Dar-8000 Firmware | 2024-11-21 | 6.3 Medium |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-8000 up to 20151231 and classified as critical. This vulnerability affects unknown code of the file /sysmanage/changelogo.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-240250 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | ||||
| CVE-2023-5149 | 1 Dlink | 2 Dar-7000, Dar-7000 Firmware | 2024-11-21 | 6.3 Medium |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been rated as critical. This issue affects some unknown processing of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240245 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | ||||
| CVE-2023-5148 | 1 Dlink | 4 Dar-7000, Dar-7000 Firmware, Dar-8000 and 1 more | 2024-11-21 | 6.3 Medium |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231. It has been declared as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240244. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | ||||
| CVE-2023-5147 | 1 Dlink | 2 Dar-7000, Dar-7000 Firmware | 2024-11-21 | 6.3 Medium |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been classified as critical. This affects an unknown part of the file /sysmanage/updateos.php. The manipulation of the argument 1_file_upload leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240243. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | ||||
| CVE-2023-5146 | 1 Dlink | 4 Dar-7000, Dar-7000 Firmware, Dar-8000 and 1 more | 2024-11-21 | 6.3 Medium |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231 and classified as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-240242 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | ||||
| CVE-2023-5145 | 1 Dlink | 4 Dar-7000, Dar-7000 Firmware, Dar-8000 and 1 more | 2024-11-21 | 6.3 Medium |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000 up to 20151231 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240241 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | ||||
| CVE-2023-5144 | 1 Dlink | 4 Dar-7000, Dar-7000 Firmware, Dar-8000 and 1 more | 2024-11-21 | 6.3 Medium |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /sysmanage/updateos.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240240. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. | ||||
| CVE-2023-5034 | 1 My Food Recipe Project | 1 My Food Recipe | 2024-11-21 | 6.3 Medium |
| A vulnerability classified as problematic was found in SourceCodester My Food Recipe 1.0. This vulnerability affects unknown code of the file index.php of the component Image Upload Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239878 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-52221 | 1 Ukrsolution | 1 Barcode Scanner And Inventory Manager | 2024-11-21 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager.This issue affects Barcode Scanner and Inventory manager: from n/a through 1.5.1. | ||||
| CVE-2023-52086 | 1 Startutorial | 1 Php Backend For Resumable.js | 2024-11-21 | 8.1 High |
| resumable.php (aka PHP backend for resumable.js) 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. (File overwrite hasn't been possible with the code available in GitHub in recent years, however.) | ||||
| CVE-2023-51475 | 1 Wpmlmsoftware | 1 Wp Mlm Unilevel | 2024-11-21 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in IOSS WP MLM SOFTWARE PLUGIN.This issue affects WP MLM SOFTWARE PLUGIN: from n/a through 4.0. | ||||
| CVE-2023-51473 | 1 Pixelemu | 1 Terraclassifieds | 2024-11-21 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin.This issue affects TerraClassifieds – Simple Classifieds Plugin: from n/a through 2.0.3. | ||||
| CVE-2023-51468 | 1 Boiteasite | 1 Download Rencontre - Dating Site | 2024-11-21 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre – Dating Site.This issue affects Rencontre – Dating Site: from n/a through 3.10.1. | ||||
| CVE-2023-51419 | 1 Bertha | 1 Bertha Ai | 2024-11-21 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome.This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through 1.11.10.7. | ||||
| CVE-2023-51417 | 1 Jorisvm | 1 Jvm Gutenberg Rich Text Icons | 2024-11-21 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Joris van Montfort JVM Gutenberg Rich Text Icons.This issue affects JVM Gutenberg Rich Text Icons: from n/a through 1.2.3. | ||||
| CVE-2023-51412 | 1 Piotnet | 1 Piotnet Forms | 2024-11-21 | 9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms.This issue affects Piotnet Forms: from n/a through 1.0.25. | ||||
| CVE-2023-51411 | 1 Dynamiapps | 1 Frontend Admin | 2024-11-21 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps.This issue affects Frontend Admin by DynamiApps: from n/a through 3.18.3. | ||||
| CVE-2023-51410 | 1 Wpvibes | 1 Wp Mail Log | 2024-11-21 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log.This issue affects WP Mail Log: from n/a through 1.1.2. | ||||
| CVE-2023-51034 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2024-11-21 | 9.8 Critical |
| TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface. | ||||