Total: 2765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-3722 | 1 Avaya | 1 Aura Device Services | 2023-07-28 | N/A | 9.8 CRITICAL |
An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier. | |||||
CVE-2020-22159 | 1 Evertz | 6 3080ipx, 3080ipx Firmware, 7801fc and 3 more | 2023-07-28 | N/A | 8.8 HIGH |
EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any critical system files. | |||||
CVE-2023-30791 | 1 Plane | 1 Plane | 2023-07-28 | N/A | 4.6 MEDIUM |
Plane version 0.7.1-dev allows an attacker to change their profile avatar, which permits uploading files with an HTML extension that are interpreted as both HTML and JavaScript. | |||||
CVE-2023-38404 | 1 Veritas | 1 Infoscale Operations Manager | 2023-07-27 | N/A | 8.8 HIGH |
The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server. | |||||
CVE-2023-3692 | 1 Admidio | 1 Admidio | 2023-07-27 | N/A | 7.2 HIGH |
Unrestricted Upload of File with Dangerous Type in GitHub repository admidio/admidio prior to 4.2.10. | |||||
CVE-2023-34394 | 1 Keysight | 1 Geolocation Server | 2023-07-27 | N/A | 7.8 HIGH |
In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition. | |||||
CVE-2023-35189 | 1 Iagona | 1 Scrutisweb | 2023-07-27 | N/A | 9.8 CRITICAL |
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote code execution vulnerability that could allow an unauthenticated user to upload a malicious payload and execute it. | |||||
CVE-2023-37839 | 1 Dedecms | 1 Dedecms | 2023-07-27 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
CVE-2023-34136 | 1 Sonicwall | 2 Analytics, Global Management System | 2023-07-25 | N/A | 9.8 CRITICAL |
Vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to upload files to a restricted location not controlled by the attacker. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | |||||
CVE-2023-33253 | 1 Agilebio | 1 Labcollector | 2023-07-21 | N/A | 8.8 HIGH |
LabCollector 6.0 through 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file (such as shell.jpg.php.shell) being sent. | |||||
CVE-2022-0950 | 1 Showdoc | 1 Showdoc | 2023-07-21 | 3.5 LOW | 5.4 MEDIUM |
Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4. | |||||
CVE-2023-34126 | 1 Sonicwall | 2 Analytics, Global Management System | 2023-07-20 | N/A | 8.8 HIGH |
Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | |||||
CVE-2023-37656 | 1 Websiteguide Project | 1 Websiteguide | 2023-07-18 | N/A | 9.8 CRITICAL |
WebsiteGuide v0.2 is vulnerable to Remote Command Execution (RCE) via image upload. | |||||
CVE-2023-34193 | 1 Zimbra | 1 Collaboration | 2023-07-12 | N/A | 8.8 HIGH |
File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function. | |||||
CVE-2020-21861 | 1 Duxcms Project | 1 Duxcms | 2023-07-12 | N/A | 8.8 HIGH |
File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary PHP code via duxcms/AdminUpload/upload. | |||||
CVE-2023-36969 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-07-12 | N/A | 8.8 HIGH |
CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function. | |||||
CVE-2020-22153 | 1 Thedaylightstudio | 1 Fuel Cms | 2023-07-11 | N/A | 9.8 CRITICAL |
File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function. | |||||
CVE-2023-34736 | 1 Guantang Equipment Management System Project | 1 Guantang Equipment Management System | 2023-07-10 | N/A | 7.2 HIGH |
Guantang Equipment Management System version 4.12 is vulnerable to Arbitrary File Upload. | |||||
CVE-2020-18432 | 1 Sem-cms | 1 Semcms | 2023-07-07 | N/A | 9.8 CRITICAL |
File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to upload arbitrary files and gain escalated privileges. | |||||
CVE-2023-3491 | 1 Fossbilling | 1 Fossbilling | 2023-07-07 | N/A | 8.8 HIGH |
Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3. |