Total
2900 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-3884 | 1 Qdpm | 1 Qdpm | 2024-11-21 | 8.8 High |
| Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/. | ||||
| CVE-2015-2780 | 1 Berta | 1 Berta Cms | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | ||||
| CVE-2015-1785 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 6.5 Medium |
| In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests. | ||||
| CVE-2015-1784 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 8.8 High |
| In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests. | ||||
| CVE-2015-10087 | 1 Upthemes | 1 Designfolio-plus | 2024-11-21 | 6.3 Medium |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 53f6ae62878076f99718e5feb589928e83c879a9. It is recommended to apply a patch to fix this issue. The identifier VDB-221809 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2015-1000013 | 1 Csv2wpec-coupon Project | 1 Csv2wpec-coupon | 2024-11-21 | N/A |
| Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1 | ||||
| CVE-2015-1000001 | 1 Fast-image-adder Project | 1 Fast-image-adder | 2024-11-21 | N/A |
| Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin | ||||
| CVE-2015-1000000 | 1 Mailcwp Project | 1 Mailcwp | 2024-11-21 | N/A |
| Remote file upload vulnerability in mailcwp v1.99 wordpress plugin | ||||
| CVE-2015-0796 | 1 Opensuse | 1 Open Buildservice | 2024-11-21 | N/A |
| In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on the source service. | ||||
| CVE-2015-0702 | 1 Cisco | 1 Unified Meetingplace | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712. | ||||
| CVE-2015-0258 | 3 Canonical, Debian, O-dyn | 3 Ubuntu Linux, Debian Linux, Collabtive | 2024-11-21 | 8.8 High |
| Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension. | ||||
| CVE-2014-9619 | 1 Netsweeper | 1 Netsweeper | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file with a double extension, then accessing it via a direct request to the file in webadmin/deny/images/, as demonstrated by secuid0.php.gif. | ||||
| CVE-2014-9312 | 1 10web | 1 Photo Gallery | 2024-11-21 | N/A |
| Unrestricted File Upload vulnerability in Photo Gallery 1.2.5. | ||||
| CVE-2014-8739 | 2 Creative-solutions, Jquery File Upload Project | 2 Creative Contact Form, Jquery File Upload | 2024-11-21 | 9.8 Critical |
| Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014. | ||||
| CVE-2014-8516 | 1 Cloudfastpath | 1 Netcharts Server | 2024-11-21 | 9.8 Critical |
| Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | ||||
| CVE-2014-8337 | 1 Helpdezk | 1 Helpdezk | 2024-11-21 | 9.8 Critical |
| Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. | ||||
| CVE-2014-4972 | 1 Ajax Upload For Gravity Forms Project | 1 Ajax Upload For Gravity Forms | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under wp-content/uploads/gravity_forms. | ||||
| CVE-2014-4912 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | N/A |
| An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation. | ||||
| CVE-2014-3448 | 1 Bss Continuity Cms Project | 1 Bss Continuty Cms | 2024-11-21 | 9.8 Critical |
| BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file upload | ||||
| CVE-2014-2664 | 1 X2engine | 1 X2crm | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | ||||