Total: 2288 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20272 | 1 Cisco | 1 Unity Connection | 2024-02-02 | N/A | 9.8 CRITICAL |
| A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. This vulnerability is due to a lack of authentication in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by uploading arbitrary files to an affected system. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root. | |||||
| CVE-2024-23630 | 1 Motorola | 2 Mr2600, Mr2600 Firmware | 2024-02-01 | 7.7 HIGH | 8.8 HIGH |
| An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is required, but it can be bypassed. | |||||
| CVE-2022-4232 | 1 Rinvizle | 1 Event Registration System | 2024-02-01 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely. VDB-214590 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-52324 | 1 Trendmicro | 1 Apex Central | 2024-01-30 | N/A | 8.8 HIGH |
| An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installations. Please note: although authentication is required to exploit this vulnerability, this vulnerability could be exploited when the attacker has any valid set of credentials. Also, this vulnerability could be potentially used in combination with another vulnerability to execute arbitrary code. | |||||
| CVE-2024-22152 | 1 Webtoffee | 1 Product Import Export For Woocommerce | 2024-01-30 | N/A | 7.2 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce. This issue affects Product Import Export for WooCommerce: from n/a through 2.3.7. | |||||
| CVE-2024-22135 | 1 Webtoffee | 1 Order Export & Order Import For Woocommerce | 2024-01-30 | N/A | 7.2 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce. This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.3. | |||||
| CVE-2023-52221 | 1 Ukrsolution | 1 Barcode Scanner And Inventory Manager | 2024-01-30 | N/A | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager. This issue affects Barcode Scanner and Inventory manager: from n/a through 1.5.1. | |||||
| CVE-2002-1841 | 1 Noguska | 1 Nola | 2024-01-26 | 5.0 MEDIUM | N/A |
| The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4. | |||||
| CVE-2001-0901 | 1 Hypermail Development | 1 Hypermail | 2024-01-26 | 7.5 HIGH | N/A |
| Hypermail allows remote attackers to execute arbitrary commands on a server supporting SSI via an attachment with a .shtml extension, which is archived on the server and can then be executed by requesting the URL for the attachment. | |||||
| CVE-2024-22895 | 1 Dedecms | 1 Dedecms | 2024-01-26 | N/A | 8.8 HIGH |
| DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php. | |||||
| CVE-2004-2262 | 1 E107 | 1 E107 | 2024-01-26 | 7.5 HIGH | N/A |
| ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php. | |||||
| CVE-2005-1868 | 1 Yvesglodt | 1 I-man | 2024-01-26 | 7.5 HIGH | N/A |
| I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension. | |||||
| CVE-2005-1881 | 1 Yapig | 1 Yapig | 2024-01-26 | 7.5 HIGH | N/A |
| upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code. | |||||
| CVE-2006-6994 | 1 Indirmax.org | 1 Ozzywork Galeri | 2024-01-26 | 6.4 MEDIUM | N/A |
| Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, possibly 2.0 and earlier, allows remote attackers to upload and execute arbitrary ASP files by removing the client-side security checks. | |||||
| CVE-2006-4558 | 1 Deluxebb | 1 Deluxebb | 2024-01-26 | 7.5 HIGH | N/A |
| DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php. | |||||
| CVE-2006-2428 | 1 Duware Dubanner Project | 1 Duware Dubanner | 2024-01-26 | 7.5 HIGH | N/A |
| add.asp in DUware DUbanner 3.1 allows remote attackers to execute arbitrary code by uploading files with arbitrary extensions, such as ASP files, probably due to client-side enforcement that can be bypassed. NOTE: some of these details are obtained from third party information, since the raw source is vague. | |||||
| CVE-2005-3288 | 1 Rockliffe | 1 Mailsite Express | 2024-01-26 | 5.0 MEDIUM | N/A |
| Mailsite Express allows remote attackers to upload and execute files with executable extensions such as ASP by attaching the file using the "compose page" feature, then accessing the file from the cache directory before saving or sending the message. | |||||
| CVE-2023-51928 | 1 Yonyou | 1 Yonbip | 2024-01-26 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2023-51924 | 1 Yonyou | 1 Yonbip | 2024-01-26 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2020-28871 | 1 Monitorr | 1 Monitorr | 2024-01-26 | 7.5 HIGH | 9.8 CRITICAL |
| Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload. | |||||
