Total
3867 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1002002 | 1 Webapp-builder Project | 1 Webapp-builder | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/
|
|||||
| CVE-2017-1000238 | 1 Invoiceplane | 1 Invoiceplane | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver.
|
|||||
| CVE-2017-2699 | 1 Huawei | 6 Honor 7, Honor 7 Firmware, Lyo-l21 and 3 more | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
The Huawei Themes APP in versions earlier than PLK-UL00C17B385, versions earlier than CRR-L09C432B380, versions earlier than LYO-L21C577B128 has a privilege elevation vulnerability. An attacker could exploit this vulnerability to upload theme packs containing malicious files and trick users into installing the theme packets, resulting in the execution of arbitrary code.
|
|||||
| CVE-2017-17727 | 1 Dedecms | 1 Dedecms | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php.
|
|||||
| CVE-2016-6104 | 1 Ibm | 1 Security Key Lifecycle Manager | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
|
IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system.
|
|||||
| CVE-2017-13982 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
|
A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files.
|
|||||
| CVE-2017-5520 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions.
|
|||||
| CVE-2017-14251 | 1 Typo3 | 1 Typo3 | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.
|
|||||
| CVE-2017-12678 | 2 Debian, Taglib | 2 Debian Linux, Taglib | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file.
|
|||||
| CVE-2017-1000081 | 1 Onosproject | 1 Onos | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution.
|
|||||
| CVE-2017-6104 | 1 Zen Mobile App Native Project | 1 Zen Mobile App Native | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0.
|
|||||
| CVE-2017-8862 | 1 Cohuhd | 2 3960hd, 3960hd Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with "root" privileges.
|
|||||
| CVE-2017-11404 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
|
In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php.
|
|||||
| CVE-2017-15957 | 1 Ingenious School Management System Project | 1 Ingenious School Management System | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file.
|
|||||
| CVE-2017-4990 | 1 Emc | 1 Avamar Server | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system.
|
|||||
| CVE-2017-14079 | 1 Trendmicro | 1 Mobile Security | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
|
|||||
| CVE-2017-10940 | 1 Joyent | 1 Triton Datacenter | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to [email protected] (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the docker API. The process does not properly validate user-supplied data which can allow for the up ...
Show More |
|||||
| CVE-2017-14704 | 1 Claydip | 1 Airbnb Clone | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile.
|
|||||
| CVE-2017-15962 | 1 Istock Management System Project | 1 Istock Management System | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
iStock Management System 1.0 allows Arbitrary File Upload via user/profile.
|
|||||
| CVE-2017-9650 | 2 Automatedlogic, Carrier | 3 I-vu, Sitescan Web, Automatedlogic Webctrl | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
|
An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to upload a malicious file allowing the execution of arbitrary code.
|
|||||
| CVE-2017-1000119 | 1 Octobercms | 1 October | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
|
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.
|
|||||
| CVE-2017-13156 | 1 Google | 1 Android | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
|
An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.
|
|||||
| CVE-2017-7281 | 1 Unitrends | 1 Enterprise Backup | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows for an authenticated user to create a randomly named file on disk with a user-controlled extension, contents, and path, leading to remote code execution, aka Unrestricted File Upload.
|
|||||
| CVE-2017-14399 | 1 Blackcat-cms | 1 Blackcat Cms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php.
|
|||||
| CVE-2017-11466 | 1 Dotcms | 1 Dotcms | 2025-04-20 | 9.0 HIGH | 7.2 HIGH |
|
Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_upload. This results in arbitrary code execution by requesting the .jsp file at a /assets URI.
|
|||||
| CVE-2017-17593 | 1 Simple Chatting System Project | 1 Simple Chatting System | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/.
|
|||||
| CVE-2016-8921 | 1 Ibm | 1 Filenet Workplace Xt | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
|
|||||
| CVE-2016-1713 | 1 Vtiger | 1 Vtiger Crm | 2025-04-20 | 8.5 HIGH | 7.3 HIGH |
|
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000.
|
|||||
| CVE-2017-17874 | 1 Vanguard Project | 1 Marketplace Digital Products Php | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI.
|
|||||
| CVE-2017-11326 | 1 Tilde Cms Project | 1 Tilde Cms | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass the implemented restrictions on arbitrary file upload via a filename.+php manipulation.
|
|||||
| CVE-2017-7695 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code.
|
|||||
| CVE-2017-14841 | 1 Dasinfomedia | 1 Annual Maintenance Contract Management System | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling.
|
|||||
| CVE-2017-1002000 | 1 Mobile-friendly-app-builder-by-easytouch Project | 1 Mobile-friendly-app-builder-by-easytouch | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content.
|
|||||
| CVE-2017-1002001 | 1 Mobile-app-builder-by-wappress Project | 1 Mobile-app-builder-by-wappress | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
|
|||||
| CVE-2017-15990 | 1 Savsofteproducts | 1 Phpinventory | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/.
|
|||||
| CVE-2017-9101 | 1 Playsms | 1 Playsms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file.
|
|||||
| CVE-2017-7357 | 1 Atlassian | 1 Hipchat Server | 2025-04-20 | 6.5 MEDIUM | 9.1 CRITICAL |
|
Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file.
|
|||||
| CVE-2017-2737 | 1 Huawei | 2 Vcm5010, Vcm5010 Firmware | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system.
|
|||||
| CVE-2015-2780 | 1 Berta | 1 Berta Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
|
|||||
| CVE-2017-8080 | 1 Atlassian | 1 Hipchat Server | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads.
|
|||||