Total
2765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-44962 | 1 Koha-community | 1 Koha Library Software | 2023-10-16 | N/A | 5.3 MEDIUM |
| File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component. | |||||
| CVE-2023-42331 | 1 Elitecms | 1 Elite Cms | 2023-10-13 | N/A | 8.8 HIGH |
| A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component. | |||||
| CVE-2023-45353 | 1 Atos | 1 Unify Openscape Common Management | 2023-10-12 | N/A | 8.8 HIGH |
| Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system by leveraging the Common Management Portal web interface for Authenticated remote upload and creation of arbitrary files affecting the underlying operating system. This is also known as OCMP-6591. | |||||
| CVE-2023-43696 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2023-10-11 | N/A | 9.8 CRITICAL |
| Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server. | |||||
| CVE-2023-43321 | 1 Dcnetworks | 2 Dcfw-1800-sdc, Dcfw-1800-sdc Firmware | 2023-10-10 | N/A | 8.8 HIGH |
| File Upload vulnerability in Digital China Networks DCFW-1800-SDC v.3.0 allows an authenticated attacker to execute arbitrary code via the wget function in the /sbin/cloudadmin.sh component. | |||||
| CVE-2023-44061 | 1 Simple And Nice Shopping Cart Script Project | 1 Simple And Nice Shopping Cart Script | 2023-10-10 | N/A | 8.8 HIGH |
| File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component. | |||||
| CVE-2023-38836 | 1 Boidcms | 1 Boidcms | 2023-10-10 | N/A | 8.8 HIGH |
| File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks. | |||||
| CVE-2023-38029 | 1 Saho | 4 Adm-100, Adm-100 Firmware, Adm-100fp and 1 more | 2023-08-29 | N/A | 9.8 CRITICAL |
| Saho’s attendance devices ADM100 and ADM-100FP has insufficient filtering for special characters and file type within their file uploading function. A unauthenticate remote attacker authenticated can upload and execute arbitrary files to perform arbitrary system commands or disrupt service. | |||||
| CVE-2023-32757 | 1 Edetw | 1 U-office Force | 2023-08-29 | N/A | 9.8 CRITICAL |
| e-Excellence U-Office Force file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker without logging the service can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service. | |||||
| CVE-2023-39970 | 1 Acyba | 1 Acymailing Starter | 2023-08-23 | N/A | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in AcyMailing component for Joomla. It allows remote code execution. | |||||
| CVE-2023-39115 | 1 Campcodes | 1 Complete Online Matrimonial Website System Script | 2023-08-22 | N/A | 9.8 CRITICAL |
| install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document. | |||||
| CVE-2023-38915 | 1 Wolf18 | 1 Easyadmin8 | 2023-08-22 | N/A | 9.8 CRITICAL |
| File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote attacker to execute arbtirary code via the upload type function. | |||||
| CVE-2023-28482 | 1 Tigergraph | 1 Tigergraph | 2023-08-21 | N/A | 6.5 MEDIUM |
| An issue was discovered in Tigergraph Enterprise 3.7.0. A single TigerGraph instance can host multiple graphs that are accessed by multiple different users. The TigerGraph platform does not protect the confidentiality of any data uploaded to the remote server. In this scenario, any user that has permissions to upload data can browse data uploaded by any other user (irrespective of their permissions). | |||||
| CVE-2023-28480 | 1 Tigergraph | 1 Tigergraph | 2023-08-18 | N/A | 6.5 MEDIUM |
| An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform allows users to define new User Defined Functions (UDFs) from C/C++ code. To support this functionality TigerGraph allows users to upload custom C/C++ code which is then compiled and installed into the platform. An attacker who has filesystem access on a remote TigerGraph system can alter the behavior of the database against the will of the database administrator; thus effectively bypassing the built in RBAC controls. | |||||
| CVE-2023-31941 | 1 Online Travel Agency System Project | 1 Online Travel Agency System | 2023-08-18 | N/A | 7.2 HIGH |
| File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the employee_insert.php. | |||||
| CVE-2023-31946 | 1 Online Travel Agency System Project | 1 Online Travel Agency System | 2023-08-18 | N/A | 7.2 HIGH |
| File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the artical.php. | |||||
| CVE-2020-3436 | 1 Cisco | 3 Adaptive Security Appliance, Adaptive Security Appliance Software, Firepower Threat Defense | 2023-08-16 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, which could lead to an unexpected device reload. The vulnerability exists because the affected software does not efficiently handle the writing of large files to specific folders on the local file system. An attacker could exploit this vulnerability by uploading files to those specific folders. A successful exploit could allow the attacker to write a file that triggers a watchdog timeout, which would cause the device to unexpectedly reload, causing a denial of service (DoS) condition. | |||||
| CVE-2020-36082 | 1 Bloofox | 1 Bloofoxcms | 2023-08-16 | N/A | 9.8 CRITICAL |
| File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module. | |||||
| CVE-2023-32564 | 1 Ivanti | 1 Avalanche | 2023-08-15 | N/A | 9.8 CRITICAL |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. | |||||
| CVE-2023-39346 | 1 Renjikai | 1 Linuxasmcallgraph | 2023-08-10 | N/A | 9.8 CRITICAL |
| LinuxASMCallGraph is software for drawing the call graph of the programming code. Linux ASMCallGraph before commit 20dba06bd1a3cf260612d4f21547c25002121cd5 allows attackers to cause a remote code execution on the server side via uploading a crafted ZIP file due to incorrect filtering rules of uploaded file. The problem has been patched in commit 20dba06bd1a3cf260612d4f21547c25002121cd5. There are no known workarounds. | |||||