Total: 2765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2017-13982 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2023-11-07 | 9.0 HIGH | 8.8 HIGH | A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40 allows users to upload unrestricted files. |
CVE-2016-15033 | 1 Delete All Comments Project | 1 Delete All Comments | 2023-11-07 | N/A | 9.8 CRITICAL | The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the delete-all-comments.php file in versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. |
CVE-2011-4183 | 1 Opensuse | 1 Open Build Service | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL | A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16. |
CVE-2023-46428 | 1 Hadsky | 1 Hadsky | 2023-11-06 | N/A | 8.8 HIGH | An arbitrary file upload vulnerability in HadSky v7.12.10 allows attackers to execute arbitrary code via a crafted file. |
CVE-2021-24370 | 1 Radykal | 1 Fancy Product Designer | 2023-11-02 | 7.5 HIGH | 9.8 CRITICAL | The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution. |
CVE-2023-3375 | 1 Bookreen | 1 Bookreen | 2023-11-02 | N/A | 7.2 HIGH | Unrestricted Upload of File with Dangerous Type vulnerability in Unisign Bookreen allows OS Command Injection. This issue affects Bookreen: before 3.0.0. |
CVE-2023-24517 | 1 Pandorafms | 1 Pandora Fms | 2023-11-02 | N/A | 7.2 HIGH | Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component allows an attacker to make use of this issue (unrestricted file upload) to execute arbitrary system commands. This issue affects Pandora FMS v767 and prior versions on all platforms. |
CVE-2023-26578 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 8.8 HIGH | Arbitrary file upload to web root in IDAttend's IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files such as ASP or ASPX to the web root, gaining command execution on the affected server. |
CVE-2023-45555 | 1 Zzzcms | 1 Zzzcms | 2023-10-27 | N/A | 7.8 HIGH | File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file passed to the down_url function in the zzz.php file. |
CVE-2023-45384 | 1 Knowband | 1 Supercheckout | 2023-10-25 | N/A | 9.8 CRITICAL | KnowBand supercheckout > 5.0.7 and < 6.0.7 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the module "Module One Page Checkout, Social Login & Mailchimp" (supercheckout), a guest can upload files with the extension .php. |
CVE-2023-45952 | 1 Lylme | 1 Lylme Spage | 2023-10-25 | N/A | 9.8 CRITICAL | An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted file. |
CVE-2023-37502 | 1 Hcltech | 1 Hcl Compass | 2023-10-25 | N/A | 8.8 HIGH | HCL Compass is vulnerable to a lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser. |
CVE-2023-46004 | 1 Mayurik | 1 Best Courier Management System | 2023-10-25 | N/A | 7.2 HIGH | Sourcecodester Best Courier Management System 1.0 is vulnerable to arbitrary file upload in the update_user function. |
CVE-2023-41631 | 1 Esst | 1 Esst Monitoring | 2023-10-23 | N/A | 8.8 HIGH | eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the file upload function. |
CVE-2023-34207 | 1 Easyuse | 1 Mailhunter Ultimate | 2023-10-20 | N/A | 8.8 HIGH | Unrestricted upload of file with dangerous type vulnerability in the create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to perform arbitrary system commands with 'NT Authority\SYSTEM' privilege via a crafted ZIP archive. |
CVE-2023-35018 | 1 Ibm | 1 Security Verify Governance | 2023-10-19 | N/A | 7.2 HIGH | IBM Security Verify Governance 10.0 could allow a privileged user to upload arbitrary files due to improper file validation. IBM X-Force ID: 259382. |
CVE-2023-45856 | 1 Qdpm | 1 Qdpm | 2023-10-19 | N/A | 9.8 CRITICAL | qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI. |
CVE-2022-22375 | 3 Apple, Ibm, Microsoft | 3 Macos, Security Verify Privilege On-premises, Windows | 2023-10-18 | N/A | 8.8 HIGH | IBM Security Verify Privilege On-Premises 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 221681. |
CVE-2022-27261 | 1 Express-fileupload Project | 1 Express-fileupload | 2023-10-18 | 4.3 MEDIUM | 7.5 HIGH | An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files on the web application server. |
CVE-2022-33859 | 1 Eaton | 1 Foreseer Electrical Power Monitoring System | 2023-10-18 | N/A | 9.8 CRITICAL | A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation's vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. This vulnerability is present in versions 4.x, 5.x, 6.x and 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton, and a mitigation has been provided for the affected versions that are currently supported. Customers are advised to update the software to the latest version (v7.6). Foreseer EPMS versions 4.x, 5.x and 6.x are no longer supported by Eaton. Please refer to the End-of-Support notification: https://www.eaton.com/in/en-us/catalog/services/foreseer/foreseer-legacy.html |