Total
3336 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-13982 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2025-04-20 | N/A |
A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. | ||||
CVE-2017-12929 | 1 Tecnovision | 1 Dlx Spot Player4 | 2025-04-20 | N/A |
Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. | ||||
CVE-2017-12332 | 1 Cisco | 2 Nx-os, Unified Computing System | 2025-04-20 | N/A |
A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installing a crafted patch image on an affected device. The vulnerable operation occurs prior to patch activation. An exploit could allow the attacker to write arbitrary files on an affected system as root. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf16513, CSCvf23794, CSCvf23832. | ||||
CVE-2013-7426 | 1 Kamailio | 1 Kamailio | 2025-04-20 | N/A |
Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1. | ||||
CVE-2017-14840 | 1 Teamworktec | 1 Ticketplus | 2025-04-20 | N/A |
TeamWork TicketPlus allows Arbitrary File Upload in updateProfile. | ||||
CVE-2017-11756 | 1 Earcms | 1 Ear Music | 2025-04-20 | N/A |
In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=config_upload, and then using user.php/music/add/ to upload the code. | ||||
CVE-2017-5520 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | N/A |
The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions. | ||||
CVE-2017-14123 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2025-04-20 | 8.8 High |
Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demonstrated by /itplus/FileStorage/302/shell.jsp. | ||||
CVE-2017-1000081 | 1 Onosproject | 1 Onos | 2025-04-20 | 9.8 Critical |
Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution. | ||||
CVE-2017-4990 | 1 Emc | 1 Avamar Server | 2025-04-20 | N/A |
In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system. | ||||
CVE-2016-8973 | 1 Ibm | 1 Rational Rhapsody Design Manager | 2025-04-20 | N/A |
IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960. | ||||
CVE-2016-8921 | 1 Ibm | 1 Filenet Workplace Xt | 2025-04-20 | N/A |
IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | ||||
CVE-2017-8862 | 1 Cohuhd | 2 3960hd, 3960hd Firmware | 2025-04-20 | N/A |
The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with "root" privileges. | ||||
CVE-2017-11154 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter. | ||||
CVE-2016-6124 | 1 Ibm | 1 Kenexa Lms On Cloud | 2025-04-20 | N/A |
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | ||||
CVE-2016-6104 | 1 Ibm | 1 Security Key Lifecycle Manager | 2025-04-20 | N/A |
IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system. | ||||
CVE-2015-2780 | 1 Berta | 1 Berta Cms | 2025-04-20 | N/A |
Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | ||||
CVE-2017-15580 | 1 Osticket | 1 Osticket | 2025-04-20 | N/A |
osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content. | ||||
CVE-2016-0354 | 1 Ibm | 1 Sametime | 2025-04-20 | N/A |
IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which could be executed with user privileges. IBM X-Force ID: 111893. | ||||
CVE-2017-17987 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2025-04-20 | N/A |
PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php. |