Total
2900 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-6104 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | N/A |
| IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system. | ||||
| CVE-2016-5050 | 1 Readydesk | 1 Readydesk | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary code by uploading and requesting a .aspx file. | ||||
| CVE-2016-2914 | 1 Ibm | 1 Rational Publishing Engine | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specifying an unexpected file extension. | ||||
| CVE-2016-1713 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000. | ||||
| CVE-2016-11020 | 1 Kunena | 1 Kunena | 2024-11-21 | 9.8 Critical |
| Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution. | ||||
| CVE-2016-10995 | 1 Templatic | 1 Telvolution | 2024-11-21 | 9.8 Critical |
| The Tevolution plugin before 2.3.0 for WordPress has arbitrary file upload via single_upload.php or single-upload.php. | ||||
| CVE-2016-10959 | 1 Estatik | 1 Estatik | 2024-11-21 | 6.5 Medium |
| The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php. | ||||
| CVE-2016-10958 | 1 Estatik | 1 Estatik | 2024-11-21 | 7.5 High |
| The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php. | ||||
| CVE-2016-10955 | 1 Cysteme | 1 Cysteme-finder | 2024-11-21 | 9.8 Critical |
| The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking. | ||||
| CVE-2016-10954 | 1 Dynamicpress | 1 Neosense | 2024-11-21 | 9.8 Critical |
| The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload. | ||||
| CVE-2016-10758 | 1 Phpkit | 1 Phpkit | 2024-11-21 | N/A |
| PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the image_name parameter. | ||||
| CVE-2016-10752 | 1 S9y | 1 Serendipity | 2024-11-21 | N/A |
| serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename. | ||||
| CVE-2016-10751 | 1 Osclass | 1 Osclass | 2024-11-21 | N/A |
| osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. This is exploitable for remote PHP code execution because an administrator can upload an image that contains PHP code in the EXIF data via index.php?page=ajax&action=ajax_upload. | ||||
| CVE-2016-10258 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code. | ||||
| CVE-2016-10036 | 1 Jfrog | 1 Artifactory | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file. | ||||
| CVE-2016-0354 | 1 Ibm | 1 Sametime | 2024-11-21 | N/A |
| IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which could be executed with user privileges. IBM X-Force ID: 111893. | ||||
| CVE-2015-9499 | 1 Themepunch | 1 Showbiz Pro | 2024-11-21 | 9.8 Critical |
| The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive. | ||||
| CVE-2015-9479 | 1 Advancedcustomfields | 1 Acf Fronted Display | 2024-11-21 | 9.8 Critical |
| The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php. | ||||
| CVE-2015-9471 | 1 Digitalzoomstudio | 1 Zoomsounds | 2024-11-21 | 9.8 Critical |
| The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload. | ||||
| CVE-2015-9402 | 1 Usersultra | 1 Users Ultra Membership | 2024-11-21 | 8.8 High |
| The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload. | ||||