Total
3048 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0254 | 1 Guillaumegardey | 1 Biborb | 2025-04-03 | 4.3 MEDIUM | 3.7 LOW |
| BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those files. | |||||
| CVE-2005-1868 | 1 Yvesglodt | 1 I-man | 2025-04-03 | 7.5 HIGH | N/A |
| I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension. | |||||
| CVE-2006-4558 | 1 Deluxebb | 1 Deluxebb | 2025-04-03 | 7.5 HIGH | N/A |
| DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php. | |||||
| CVE-2001-0340 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | 7.5 HIGH | N/A |
| An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically. | |||||
| CVE-2005-3288 | 1 Rockliffe | 1 Mailsite Express | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mailsite Express allows remote attackers to upload and execute files with executable extensions such as ASP by attaching the file using the "compose page" feature, then accessing the file from the cache directory before saving or sending the message. | |||||
| CVE-2004-2262 | 1 E107 | 1 E107 | 2025-04-03 | 7.5 HIGH | N/A |
| ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php. | |||||
| CVE-2006-2428 | 1 Duware Dubanner Project | 1 Duware Dubanner | 2025-04-03 | 7.5 HIGH | N/A |
| add.asp in DUware DUbanner 3.1 allows remote attackers to execute arbitrary code by uploading files with arbitrary extensions, such as ASP files, probably due to client-side enforcement that can be bypassed. NOTE: some of these details are obtained from third party information, since the raw source is vague. | |||||
| CVE-2021-27860 | 1 Fatpipeinc | 6 Ipvpn, Ipvpn Firmware, Mpvpn and 3 more | 2025-04-02 | 9.3 HIGH | 9.8 CRITICAL |
| A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006. | |||||
| CVE-2024-25274 | 1 Xxyopen | 1 Novel-plus | 2025-04-02 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2024-22824 | 1 Auntvt | 1 Timo | 2025-04-02 | N/A | 9.8 CRITICAL |
| An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component. | |||||
| CVE-2022-47042 | 1 Mingsoft | 1 Mcms | 2025-04-02 | N/A | 8.8 HIGH |
| MCMS v5.2.10 and below was discovered to contain an arbitrary file write vulnerability via the component ms/template/writeFileContent.do. | |||||
| CVE-2022-40037 | 1 Javaweb Blog Project | 1 Javaweb Blog | 2025-04-02 | N/A | 9.8 CRITICAL |
| An issue discovered in Rawchen blog-ssm v1.0 allows remote attacker to escalate privileges and execute arbitrary commands via the component /upFile. | |||||
| CVE-2022-3478 | 1 Gitlab | 1 Gitlab | 2025-04-02 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package. | |||||
| CVE-2024-32254 | 1 Phpgurukul | 1 Tourism Management System | 2025-04-02 | N/A | 8.8 HIGH |
| Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via tms/admin/create-package.php. When creating a new package, there is no checks for what types of files are uploaded from the image. | |||||
| CVE-2025-2005 | 2025-04-02 | N/A | 9.8 CRITICAL | ||
| The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to, and including, 3.2.32. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2025-27692 | 2025-04-02 | N/A | 4.7 MEDIUM | ||
| Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service, Information disclosure, and Remote execution | |||||
| CVE-2024-32256 | 1 Phpgurukul | 1 Tourism Management System | 2025-04-02 | N/A | 8.1 HIGH |
| Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via /tms/admin/change-image.php. When updating a current package, there are no checks for what types of files are uploaded from the image. | |||||
| CVE-2024-57169 | 1 Soplanning | 1 Soplanning | 2025-04-02 | N/A | 9.8 CRITICAL |
| A file upload bypass vulnerability exists in SOPlanning 1.53.00, specifically in /process/upload.php. This vulnerability allows remote attackers to bypass upload restrictions and potentially achieve remote code execution by uploading malicious files. | |||||
| CVE-2024-8958 | 1 Composio | 1 Composio | 2025-04-01 | N/A | 9.8 CRITICAL |
| In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. Due to improper validation of file paths, an attacker can read and write files anywhere on the server, potentially leading to privilege escalation or remote code execution. | |||||
| CVE-2025-2978 | 2025-04-01 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in WCMS 11. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1 of the component Article Publishing Page. The manipulation of the argument Upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||