Total
3006 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16251 | 1 Mitel | 1 St14.2 | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of the application. | |||||
| CVE-2017-15549 | 1 Emc | 3 Avamar Server, Integrated Data Protection Appliance, Networker | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system. | |||||
| CVE-2017-14521 | 1 Wondercms | 1 Wondercms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload. | |||||
| CVE-2017-11561 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell. | |||||
| CVE-2016-9492 | 1 Jqueryform | 1 Php Formmail Generator | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which may lead to execution of the contained PHP code if the attacker can guess the uploaded filename. The form by default appends a short random string to the end of the filename. | |||||
| CVE-2016-8515 | 1 Hp | 1 Version Control Repository Manager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A remote malicious file upload vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6. | |||||
| CVE-2016-7443 | 1 Exponentcms | 1 Exponent Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location." | |||||
| CVE-2016-6918 | 1 Lexmark | 1 Markvision Enterprise | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files. ( | |||||
| CVE-2016-15033 | 1 Delete All Comments Project | 1 Delete All Comments | 2024-11-21 | N/A | 9.8 CRITICAL |
| The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the via the delete-all-comments.php file in versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. | |||||
| CVE-2016-11020 | 1 Kunena | 1 Kunena | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution. | |||||
| CVE-2016-10995 | 1 Templatic | 1 Telvolution | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Tevolution plugin before 2.3.0 for WordPress has arbitrary file upload via single_upload.php or single-upload.php. | |||||
| CVE-2016-10959 | 1 Estatik | 1 Estatik | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php. | |||||
| CVE-2016-10958 | 1 Estatik | 1 Estatik | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php. | |||||
| CVE-2016-10955 | 1 Cysteme | 1 Cysteme-finder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking. | |||||
| CVE-2016-10954 | 1 Dynamicpress | 1 Neosense | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload. | |||||
| CVE-2016-10758 | 1 Phpkit | 1 Phpkit | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the image_name parameter. | |||||
| CVE-2016-10752 | 1 S9y | 1 Serendipity | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename. | |||||
| CVE-2016-10751 | 1 Osclass | 1 Osclass | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. This is exploitable for remote PHP code execution because an administrator can upload an image that contains PHP code in the EXIF data via index.php?page=ajax&action=ajax_upload. | |||||
| CVE-2016-10258 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2024-11-21 | 6.0 MEDIUM | 6.8 MEDIUM |
| Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code. | |||||
| CVE-2016-10036 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file. | |||||