Total
1580 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8862 | 1 Cohuhd | 2 3960hd, 3960hd Firmware | 2017-12-12 | 10.0 HIGH | 9.8 CRITICAL |
| The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with "root" privileges. | |||||
| CVE-2017-2737 | 1 Huawei | 2 Vcm5010, Vcm5010 Firmware | 2017-12-11 | 6.5 MEDIUM | 8.8 HIGH |
| VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system. | |||||
| CVE-2017-15054 | 1 Teampass | 1 Teampass | 2017-12-07 | 6.5 MEDIUM | 7.5 HIGH |
| An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. To exploit this vulnerability, an authenticated attacker has to tamper with parameters of a request to upload.files.php, in order to select the correct branch and be able to upload any arbitrary file. From there, it can simply access the file to execute code on the server. | |||||
| CVE-2017-14251 | 1 Typo3 | 1 Typo3 | 2017-12-03 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code. | |||||
| CVE-2017-1000238 | 1 Invoiceplane | 1 Invoiceplane | 2017-11-30 | 6.5 MEDIUM | 8.8 HIGH |
| InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver. | |||||
| CVE-2017-16524 | 2 Hanwhasecurity, Samsung | 2 Web Viewer, Srn-1670d | 2017-11-29 | 6.5 MEDIUM | 8.8 HIGH |
| Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing Local File Read Vulnerability referenced as CVE-2015-8279, which allows remote attackers to read the web-interface credentials via a request for the cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI. | |||||
| CVE-2017-15957 | 1 Ingenious School Management System Project | 1 Ingenious School Management System | 2017-11-17 | 6.5 MEDIUM | 8.8 HIGH |
| my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file. | |||||
| CVE-2017-15962 | 1 Istock Management System Project | 1 Istock Management System | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| iStock Management System 1.0 allows Arbitrary File Upload via user/profile. | |||||
| CVE-2014-2664 | 1 X2engine | 1 X2crm | 2017-11-08 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2015-2780 | 1 Berta | 1 Berta Cms | 2017-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2011-4334 | 1 Labwiki Project | 1 Labwiki | 2017-10-25 | 6.5 MEDIUM | 8.8 HIGH |
| edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the userfile parameter. | |||||
| CVE-2017-13982 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2017-10-10 | 9.0 HIGH | 8.8 HIGH |
| A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. | |||||
| CVE-2017-14704 | 1 Claydip | 1 Airbnb Clone | 2017-10-10 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile. | |||||
| CVE-2017-14958 | 1 Pivotx | 1 Pivotx | 2017-10-06 | 6.5 MEDIUM | 7.2 HIGH |
| lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file. | |||||
| CVE-2015-8249 | 1 Manageengine | 1 Desktop Central | 2017-10-06 | 10.0 HIGH | 9.8 CRITICAL |
| The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter. | |||||
| CVE-2017-14839 | 1 Teamworktec | 1 Photo Fusion | 2017-10-06 | 6.5 MEDIUM | 8.8 HIGH |
| TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover. | |||||
| CVE-2017-14838 | 1 Teamworktec | 1 Job Links | 2017-10-06 | 6.5 MEDIUM | 8.8 HIGH |
| TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange. | |||||
| CVE-2017-14840 | 1 Teamworktec | 1 Ticketplus | 2017-10-06 | 6.5 MEDIUM | 8.8 HIGH |
| TeamWork TicketPlus allows Arbitrary File Upload in updateProfile. | |||||
| CVE-2017-14841 | 1 Dasinfomedia | 1 Annual Maintenance Contract Management System | 2017-10-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling. | |||||
| CVE-2017-14079 | 1 Trendmicro | 1 Mobile Security | 2017-09-29 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | |||||