Total: 1580 CVEs (20 shown on this page, most recently updated first)
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-1328 | 115cms | 115cms | 2023-03-15 | N/A | 7.2 HIGH | A vulnerability was found in Guizhou 115cms 4.2. It has been classified as problematic. Affected is an unknown function of the file /admin/content/index. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222738 is the identifier assigned to this vulnerability.
CVE-2023-1313 | Agentejo | Cockpit | 2023-03-15 | N/A | 8.8 HIGH | Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1.
CVE-2021-4330 | Envato | Envato Elements, Template Kit - Import | 2023-03-14 | N/A | 8.8 HIGH | The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This makes it possible for attackers with contributor-level permissions and above to upload arbitrary files and potentially gain remote code execution in versions up to and including 1.0.13 of Template Kit – Import and versions up to and including 2.0.10 of Envato Elements & Download.
CVE-2023-22890 | Smartbear | Zephyr Enterprise | 2023-03-14 | N/A | 7.5 HIGH | SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition.
CVE-2021-33352 | Wyomind | Help Desk | 2023-03-14 | N/A | 9.8 CRITICAL | An issue in the Wyomind Help Desk Magento 2 extension v1.3.6 and earlier (fixed in v1.3.7) allows an attacker to execute arbitrary code via a phar file upload in the ticket message field.
CVE-2015-10087 | Upthemes | Designfolio-plus | 2023-03-14 | N/A | 8.8 HIGH | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 53f6ae62878076f99718e5feb589928e83c879a9. It is recommended to apply a patch to fix this issue. The identifier VDB-221809 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-1185 | Shopex | Ecshop | 2023-03-13 | N/A | 8.8 HIGH | A vulnerability, which was classified as problematic, was found in ECshop up to 4.1.8. This affects an unknown part of the component New Product Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222357 was assigned to this vulnerability.
CVE-2023-1184 | Shopex | Ecshop | 2023-03-13 | N/A | 8.8 HIGH | A vulnerability, which was classified as problematic, has been found in ECshop up to 4.1.8. Affected by this issue is some unknown functionality of the file admin/database.php of the component Backup Database Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222356.
CVE-2023-26949 | Onekeyadmin | Onekeyadmin | 2023-03-13 | N/A | 9.8 CRITICAL | An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-4328 | Najeebmedia | Woocommerce Checkout Field Manager | 2023-03-10 | N/A | 9.8 CRITICAL | The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server.
CVE-2023-20009 | Cisco | Email Security Appliance, Secure Email And Web Manager | 2023-03-10 | N/A | 7.2 HIGH | A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker or an authenticated local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a [[privilege of operator - validate actual name]]. The vulnerability is due to the processing of a specially crafted SNMP configuration file. An attacker could exploit this vulnerability by authenticating to the targeted device and uploading a specially crafted SNMP configuration file that, when uploaded, could allow for the execution of commands as root. An exploit could allow the attacker to gain root access on the device.
CVE-2023-25402 | Yf-exam Project | Yf-exam | 2023-03-10 | N/A | 7.5 HIGH | CleverStupidDog yf-exam 1.8.0 is vulnerable to arbitrary file upload: there is no restriction on the suffix (extension) of the uploaded file, so any file type can be uploaded.
CVE-2023-24045 | Dataiku | Data Science Studio | 2023-03-09 | N/A | 6.5 MEDIUM | In Dataiku DSS 11.2.1, an attacker can download other Dataiku files that were uploaded to the myfiles section by specifying the target username in a download request.
CVE-2023-24249 | Laravel-admin | Laravel-admin | 2023-03-07 | N/A | 7.2 HIGH | An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2021-35290 | Balero Cms Project | Balero Cms | 2023-03-06 | N/A | 7.2 HIGH | A file upload vulnerability in balerocms-src 0.8.3 allows remote attackers to run arbitrary code via the rich text editor on the /admin/main/mod-blog page.
CVE-2021-33224 | Umbraco | Umbraco Forms | 2023-03-06 | N/A | 9.8 CRITICAL | A file upload vulnerability in Umbraco Forms v8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file.
CVE-2023-26762 | Smeup | Erp | 2023-03-03 | N/A | 8.8 HIGH | Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary file upload vulnerability.
CVE-2023-24317 | Judging Management System Project | Judging Management System | 2023-03-03 | N/A | 8.1 HIGH | Judging Management System 1.0 was discovered to contain an arbitrary file upload vulnerability via the component edit_organizer.php.
CVE-2022-2883 | Octopus | Octopus Server | 2023-03-03 | N/A | 7.5 HIGH | In affected versions of Octopus Deploy it is possible to upload a zip bomb file as a task, which results in denial of service.
CVE-2022-39983 | Instantdeveloper | Rd3 | 2023-03-02 | N/A | 9.8 CRITICAL | A file upload vulnerability in Instantdeveloper RD3 22.0.8500 allows attackers to execute arbitrary code.
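Most rows in this table come down to the same handful of missing checks: no extension allowlist, or one that does not cover server configuration files and handler variants (the Umbraco web.config/asp entry, the Wyomind phar entry, the yf-exam "no restriction on the suffix" entry); no validation of the individual entries when an uploaded archive is unpacked (the Envato template-kit entry); and no bound on size or compression ratio (the Zephyr large-file and Octopus zip-bomb denial-of-service entries). The validator below is an added example written for this page, not code from any of the listed products, and it is in Python only because the checks need nothing beyond the standard library; the same logic belongs in the PHP, .NET and Java code bases listed. The allowlist, the size and ratio limits, the magic-byte table and the sample archives it builds are all assumptions constructed for illustration.

```python
"""Upload hardening checks (example code written for this page, not taken from
any product listed above).  Limits, allowlist and sample inputs are assumed."""
from __future__ import annotations

import io
import posixpath
import re
import zipfile

# Allowlist of the extensions the application actually needs.  A denylist
# ("php", "asp", ...) is the wrong shape: it misses handler variants (.phtml,
# .phar), double extensions (shell.php.png) and server config files
# (web.config, .htaccess), all of which appear in the table above.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf", "txt"}

# Leading bytes for the binary types we accept; txt has no signature.
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}

# Assumed limits.  Size bounds stop disk exhaustion by large uploads; the
# ratio bound stops zip bombs (deflate cannot exceed roughly 1032:1).
MAX_FILE_BYTES = 5 * 1024 * 1024
MAX_ARCHIVE_OUTPUT_BYTES = 20 * 1024 * 1024
MAX_ARCHIVE_ENTRIES = 200
MAX_COMPRESSION_RATIO = 100

SAFE_SEGMENT = re.compile(r"[A-Za-z0-9_-]{1,64}")


class UploadRejected(ValueError):
    """Raised with a reason string when an upload fails a check."""


def safe_filename(name: str) -> str:
    """Reduce a client-supplied name to a bare name with one allowlisted extension."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]  # drop any directory part
    if base.startswith("."):
        raise UploadRejected(f"hidden or config file: {base!r}")  # e.g. .htaccess
    parts = base.split(".")
    if len(parts) != 2:  # no extension, or a double extension such as shell.php.png
        raise UploadRejected(f"expected exactly one extension: {base!r}")
    stem, ext = parts[0], parts[1].lower()
    if not SAFE_SEGMENT.fullmatch(stem):
        raise UploadRejected(f"unsafe characters in name: {base!r}")
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension not allowed: {ext!r}")
    return f"{stem}.{ext}"


def validate_upload(name: str, data: bytes) -> str:
    """Check size, name and content of one file; return the name it may be stored under.

    Callers should still write the file under a server-generated name into a
    directory the web server does not execute scripts from.
    """
    if len(data) > MAX_FILE_BYTES:
        raise UploadRejected(f"{len(data)} bytes exceeds {MAX_FILE_BYTES}")
    safe = safe_filename(name)
    ext = safe.rsplit(".", 1)[1]
    signatures = MAGIC.get(ext)
    if signatures and not data.startswith(signatures):
        raise UploadRejected(f"content does not match .{ext}")
    return safe


def safe_extract_archive(archive: bytes) -> dict[str, bytes]:
    """Validate every entry of an uploaded zip before handing any of it back.

    The outer file being a .zip says nothing about what is inside: each entry
    gets the traversal, size, ratio, extension and magic-byte checks.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(archive))
    except zipfile.BadZipFile as exc:
        raise UploadRejected(f"not a zip file: {exc}") from exc
    extracted: dict[str, bytes] = {}
    total = 0
    with zf:
        infos = zf.infolist()
        if len(infos) > MAX_ARCHIVE_ENTRIES:
            raise UploadRejected(f"{len(infos)} entries exceeds {MAX_ARCHIVE_ENTRIES}")
        for info in infos:
            if info.is_dir():
                continue
            # Normalise the stored path and refuse anything escaping the root;
            # vet each directory segment, not only the file name.
            path = posixpath.normpath(info.filename.replace("\\", "/"))
            segments = path.split("/")
            if path.startswith("/") or ".." in segments:
                raise UploadRejected(f"path traversal: {info.filename!r}")
            if not all(SAFE_SEGMENT.fullmatch(s) for s in segments[:-1]):
                raise UploadRejected(f"unsafe directory name: {info.filename!r}")
            # Declared sizes first (cheap), then verify against what is read.
            total += info.file_size
            if info.file_size > MAX_FILE_BYTES or total > MAX_ARCHIVE_OUTPUT_BYTES:
                raise UploadRejected(f"declared size too large: {info.filename!r}")
            if info.file_size > MAX_COMPRESSION_RATIO * max(info.compress_size, 1):
                raise UploadRejected(f"compression ratio too high: {info.filename!r}")
            with zf.open(info) as fh:
                data = fh.read(info.file_size + 1)
            if len(data) != info.file_size:
                raise UploadRejected(f"size mismatch: {info.filename!r}")
            safe_name = validate_upload(segments[-1], data)
            extracted["/".join(segments[:-1] + [safe_name])] = data
    return extracted


# Constructed sample inputs (not real files): headers only, enough for the checks.
PNG_STUB = b"\x89PNG\r\n\x1a\n" + b"\x00" * 64
PHP_SHELL = b"<?php system($_GET['c']); ?>"


def build_zip(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory deflated zip from {stored_name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


SAMPLES = {
    "clean_kit": build_zip({"kit/cover.png": PNG_STUB, "kit/readme.txt": b"template kit"}),
    "php_in_kit": build_zip({"kit/cover.png": PNG_STUB, "kit/shell.php": PHP_SHELL}),
    "config_in_kit": build_zip({"web.config": b"<configuration/>", "s.asp": b"<% %>"}),
    "traversal": build_zip({"../../var/www/html/x.txt": b"owned"}),
    "bomb": build_zip({"big.txt": b"\x00" * (2 * 1024 * 1024)}),
}


def reason(check, *args) -> str | None:
    """Run a check; return the rejection reason, or None if it passed."""
    try:
        check(*args)
    except UploadRejected as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print("photo.png      ->", reason(validate_upload, "photo.png", PNG_STUB))
    for bad in ("shell.php", "shell.phar", "shell.php.png", "web.config", ".htaccess"):
        print(f"{bad:14} ->", reason(validate_upload, bad, PNG_STUB))
    print("fake.png       ->", reason(validate_upload, "fake.png", PHP_SHELL))
    for label, archive in SAMPLES.items():
        print(f"{label:14} ->", reason(safe_extract_archive, archive))
```

The archive checks deliberately use the declared sizes only as a first filter and then compare them with the bytes actually read, since a crafted central directory can understate both fields; the ratio test uses the declared pair because a deflate stream that decompresses far beyond its declared size is already caught by the length comparison. Keys of the returned dict are the normalised paths, so a caller can still reproduce the kit's directory layout under a server-chosen root.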