Total
3241 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1214 | 1 Projoom | 1 Smart Flash Header | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla! allows remote attackers to upload and execute arbitrary files via a crafted (1) dest parameter and (2) arbitrary extension in the Filename parameter. | |||||
| CVE-2014-125104 | 1 Automattic | 1 Vaultpress | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protect_aioseo_ajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The manipulation leads to unrestricted upload. The attack can be launched remotely. Upgrading to version 1.6.1 is able to address this issue. The patch is named e3b92b14edca6291c5f998d54c90cbe98a1fb0e3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230263. | |||||
| CVE-2014-10074 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files. | |||||
| CVE-2013-7390 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot. | |||||
| CVE-2013-6358 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory. | |||||
| CVE-2013-6234 | 1 Eng | 1 Spagobi | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| Unrestricted file upload vulnerability in the Worksheet designer in SpagoBI before 4.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, aka "XSS File Upload." | |||||
| CVE-2013-4796 | 1 Reviewboard | 1 Reviewboard | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request | |||||
| CVE-2013-3684 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload | |||||
| CVE-2013-3591 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability | |||||
| CVE-2013-2748 | 1 Belkin | 2 Wemo Switch, Wemo Switch Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote attackers to upload arbitrary files onto the system. | |||||
| CVE-2013-2057 | 1 Yabb | 1 Yabb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability | |||||
| CVE-2013-20002 | 1 Themify | 1 Framework | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file. | |||||
| CVE-2013-1916 | 1 User Photo Project | 1 User Photo | 2024-11-21 | 8.5 HIGH | 8.8 HIGH |
| In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved. | |||||
| CVE-2013-0803 | 1 Polarbear Cms Project | 1 Polarbear Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code. | |||||
| CVE-2012-6649 | 1 Devfarm | 1 Wp Gpx Maps | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| WordPress WP GPX Maps Plugin 1.1.21 allows remote attackers to execute arbitrary PHP code via improper file upload. | |||||
| CVE-2012-5190 | 1 Accusoft | 1 Prizm Content Connect | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability | |||||
| CVE-2012-2950 | 2 Gatewaygeomatics, Microsoft | 2 Mapserver, Windows | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information. | |||||
| CVE-2012-2226 | 1 Invisioncommunity | 1 Invision Power Board | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file. | |||||
| CVE-2012-1592 | 1 Apache | 1 Struts | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files. | |||||
| CVE-2011-4908 | 1 Tiny | 1 Tinybrowser | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php. | |||||