Total: 2900 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-9341 | 1 Iptanus | 1 Wordpress File Upload | 2024-11-21 | N/A |
The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files. | ||||
CVE-2015-9340 | 1 Iptanus | 1 Wordpress File Upload | 2024-11-21 | N/A |
The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files. | ||||
CVE-2015-9339 | 1 Iptanus | 1 Wordpress File Upload | 2024-11-21 | N/A |
The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files. | ||||
CVE-2015-9338 | 1 Iptanus | 1 Wordpress File Upload | 2024-11-21 | N/A |
The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files. | ||||
CVE-2015-9271 | 1 Videowhisper | 1 Video Conference | 2024-11-21 | N/A |
The VideoWhisper videowhisper-video-conference-integration plugin 4.91.8 for WordPress allows remote attackers to execute arbitrary code because vc/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code, a different vulnerability than CVE-2014-1905. | ||||
CVE-2015-9263 | 1 Idera | 1 Uptime Infrastructure Monitor | 2024-11-21 | N/A |
An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands. | ||||
CVE-2015-9259 | 1 Docker | 1 Notary | 2024-11-21 | N/A |
In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json file. | ||||
CVE-2015-9228 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | N/A |
In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php. | ||||
CVE-2015-8249 | 1 Manageengine | 1 Desktop Central | 2024-11-21 | N/A |
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter. | ||||
CVE-2015-7571 | 1 Yeager | 1 Yeager Cms | 2024-11-21 | N/A |
Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. | ||||
CVE-2015-7341 | 1 Joobi | 1 Jnews | 2024-11-21 | 8.8 High |
JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension. | ||||
CVE-2015-7339 | 1 Widgetfactorylimited | 1 Jce | 2024-11-21 | 8.8 High |
JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an image file to the /com_jce/editor/libraries/classes/browser.php script. | ||||
CVE-2015-6000 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 8.8 High |
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/. | ||||
CVE-2015-5951 | 1 Thomsonreuters | 1 Fatca | 2024-11-21 | 9.9 Critical |
A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands. | ||||
CVE-2015-5601 | 1 Edx | 1 Edx-platform | 2024-11-21 | N/A |
edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files. | ||||
CVE-2015-4553 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 8.8 High |
A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users to get a shell (getshell). | ||||
CVE-2015-4524 | 1 Emc | 5 Documentum Administrator, Documentum Digital Asset Manager, Documentum Taskspace and 2 more | 2024-11-21 | N/A |
Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server. | ||||
CVE-2015-4463 | 1 Efrontlearning | 1 Efront | 2024-11-21 | N/A |
The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL. | ||||
CVE-2015-4462 | 1 Efrontlearning | 1 Efront | 2024-11-21 | N/A |
Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file from url" field in the file manager for professor.php. | ||||
CVE-2015-4455 | 1 Aviary Image Editor Add-on For Gravity Forms Project | 1 Aviary Image Editor Add-on For Gravity Forms | 2024-11-21 | N/A |
Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary. | ||||