Export limit exceeded: 361326 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361326 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4267 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-4990 | 1 Emc | 1 Avamar Server | 2025-04-20 | N/A |
| In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system. | ||||
| CVE-2017-14251 | 1 Typo3 | 1 Typo3 | 2025-04-20 | N/A |
| Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code. | ||||
| CVE-2017-3108 | 1 Adobe | 1 Experience Manager | 2025-04-20 | N/A |
| Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability. | ||||
| CVE-2014-2664 | 1 X2engine | 1 X2crm | 2025-04-20 | N/A |
| Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | ||||
| CVE-2015-4455 | 1 Aviary Image Editor Add-on For Gravity Forms Project | 1 Aviary Image Editor Add-on For Gravity Forms | 2025-04-20 | N/A |
| Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary. | ||||
| CVE-2017-7695 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | N/A |
| Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code. | ||||
| CVE-2017-17593 | 1 Simple Chatting System Project | 1 Simple Chatting System | 2025-04-20 | N/A |
| Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/. | ||||
| CVE-2017-11326 | 1 Tilde Cms Project | 1 Tilde Cms | 2025-04-20 | N/A |
| An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass the implemented restrictions on arbitrary file upload via a filename.+php manipulation. | ||||
| CVE-2017-11466 | 1 Dotcms | 1 Dotcms | 2025-04-20 | N/A |
| Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_upload. This results in arbitrary code execution by requesting the .jsp file at a /assets URI. | ||||
| CVE-2017-9364 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | N/A |
| Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code. | ||||
| CVE-2017-15580 | 1 Osticket | 1 Osticket | 2025-04-20 | N/A |
| osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content. | ||||
| CVE-2017-14840 | 1 Teamworktec | 1 Ticketplus | 2025-04-20 | N/A |
| TeamWork TicketPlus allows Arbitrary File Upload in updateProfile. | ||||
| CVE-2017-14839 | 1 Teamworktec | 1 Photo Fusion | 2025-04-20 | N/A |
| TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover. | ||||
| CVE-2017-7989 | 1 Joomla | 1 Joomla\! | 2025-04-20 | N/A |
| In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden. | ||||
| CVE-2017-10940 | 1 Joyent | 1 Triton Datacenter | 2025-04-20 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the docker API. The process does not properly validate user-supplied data which can allow for the upload of arbitrary files. An attacker can leverage this vulnerability to execute arbitrary code under the context of root. Was ZDI-CAN-3853. | ||||
| CVE-2017-14838 | 1 Teamworktec | 1 Job Links | 2025-04-20 | N/A |
| TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange. | ||||
| CVE-2017-7357 | 1 Atlassian | 1 Hipchat Server | 2025-04-20 | N/A |
| Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file. | ||||
| CVE-2017-14704 | 1 Claydip | 1 Airbnb Clone | 2025-04-20 | N/A |
| Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile. | ||||
| CVE-2017-14050 | 1 Blackcat-cms | 1 Blackcat Cms | 2025-04-20 | N/A |
| In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file. | ||||
| CVE-2020-22539 | 2 Codoforum, Codologic | 2 Codoforum, Codoforum | 2025-04-18 | 7.2 High |
| An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via uploading a crafted file. | ||||