ReportizFlow
Filtered by vendor
Subscriptions
Total
4030 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-11404 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | N/A |
| In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php. | ||||
| CVE-2017-10940 | 1 Joyent | 1 Triton Datacenter | 2025-04-20 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to [email protected] (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the docker API. The process does not properly validate user-supplied data which can allow for the upload of arbitrary files. An attacker can leverage this vulnerability to execute arbitrary code under the context of root. Was ZDI-CAN-3853. | ||||
| CVE-2017-9650 | 2 Automatedlogic, Carrier | 3 I-vu, Sitescan Web, Automatedlogic Webctrl | 2025-04-20 | N/A |
| An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to upload a malicious file allowing the execution of arbitrary code. | ||||
| CVE-2015-9228 | 1 Imagely | 1 Nextgen Gallery | 2025-04-20 | N/A |
| In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php. | ||||
| CVE-2015-4463 | 1 Efrontlearning | 1 Efront | 2025-04-20 | N/A |
| The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL. | ||||
| CVE-2017-9380 | 1 Open-emr | 1 Openemr | 2025-04-20 | 8.8 High |
| OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application. | ||||
| CVE-2017-17727 | 1 Dedecms | 1 Dedecms | 2025-04-20 | N/A |
| DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php. | ||||
| CVE-2011-4334 | 1 Labwiki Project | 1 Labwiki | 2025-04-20 | N/A |
| edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the userfile parameter. | ||||
| CVE-2016-0354 | 1 Ibm | 1 Sametime | 2025-04-20 | N/A |
| IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which could be executed with user privileges. IBM X-Force ID: 111893. | ||||
| CVE-2017-15990 | 1 Savsofteproducts | 1 Phpinventory | 2025-04-20 | 9.8 Critical |
| Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/. | ||||
| CVE-2017-1000119 | 1 Octobercms | 1 October | 2025-04-20 | N/A |
| October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server. | ||||
| CVE-2017-1002001 | 1 Mobile-app-builder-by-wappress Project | 1 Mobile-app-builder-by-wappress | 2025-04-20 | N/A |
| Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. | ||||
| CVE-2017-17987 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2025-04-20 | N/A |
| PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php. | ||||
| CVE-2017-1002016 | 1 Flickr Picture Backup Project | 1 Flickr Picture Backup | 2025-04-20 | 9.8 Critical |
| Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files. | ||||
| CVE-2017-1000081 | 1 Onosproject | 1 Onos | 2025-04-20 | 9.8 Critical |
| Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution. | ||||
| CVE-2017-1002002 | 1 Webapp-builder Project | 1 Webapp-builder | 2025-04-20 | N/A |
| Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/ | ||||
| CVE-2017-13982 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2025-04-20 | N/A |
| A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. | ||||
| CVE-2017-11154 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
| Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter. | ||||
| CVE-2017-7357 | 1 Atlassian | 1 Hipchat Server | 2025-04-20 | N/A |
| Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file. | ||||
| CVE-2017-12332 | 1 Cisco | 2 Nx-os, Unified Computing System | 2025-04-20 | N/A |
| A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installing a crafted patch image on an affected device. The vulnerable operation occurs prior to patch activation. An exploit could allow the attacker to write arbitrary files on an affected system as root. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf16513, CSCvf23794, CSCvf23832. | ||||