Total
3294 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7902 | 1 Dotclear | 1 Dotclear | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstrated by .php.txt or .php%20. | |||||
| CVE-2016-7095 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution. | |||||
| CVE-2016-9187 | 1 Moodle | 1 Moodle | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. | |||||
| CVE-2016-5050 | 1 Readydesk | 1 Readydesk | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary code by uploading and requesting a .aspx file. | |||||
| CVE-2015-1000013 | 1 Csv2wpec-coupon Project | 1 Csv2wpec-coupon | 2025-04-12 | 5.0 MEDIUM | 7.8 HIGH |
| Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1 | |||||
| CVE-2016-9268 | 1 Dotclear | 1 Dotclear | 2025-04-12 | 9.0 HIGH | 7.2 HIGH |
| Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with an zip extension, and then accessing it via unspecified vectors. | |||||
| CVE-2015-1000001 | 1 Fast-image-adder Project | 1 Fast-image-adder | 2025-04-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin | |||||
| CVE-2015-0702 | 1 Cisco | 1 Unified Meetingplace | 2025-04-12 | 9.0 HIGH | N/A |
| Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712. | |||||
| CVE-2016-2914 | 1 Ibm | 1 Engineering Lifecycle Optimization - Publishing | 2025-04-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specifying an unexpected file extension. | |||||
| CVE-2015-4524 | 1 Emc | 5 Documentum Administrator, Documentum Digital Asset Manager, Documentum Taskspace and 2 more | 2025-04-12 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server. | |||||
| CVE-2016-7452 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal. | |||||
| CVE-2016-9186 | 1 Moodle | 1 Moodle | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. | |||||
| CVE-2025-32140 | 2025-04-11 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Nirmal Kumar Ram WP Remote Thumbnail allows Upload a Web Shell to a Web Server. This issue affects WP Remote Thumbnail: from n/a through 1.3.1. | |||||
| CVE-2025-32202 | 2025-04-11 | N/A | 9.1 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Brian Batt - elearningfreak.com Insert or Embed Articulate Content into WordPress allows Upload a Web Shell to a Web Server. This issue affects Insert or Embed Articulate Content into WordPress: from n/a through 4.3000000025. | |||||
| CVE-2025-32215 | 2025-04-11 | N/A | 6.5 MEDIUM | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Ability, Inc Accessibility Suite by Online ADA allows Stored XSS. This issue affects Accessibility Suite by Online ADA: from n/a through 4.18. | |||||
| CVE-2025-32206 | 2025-04-11 | N/A | 9.1 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in LABCAT Processing Projects allows Upload a Web Shell to a Web Server. This issue affects Processing Projects: from n/a through 1.0.2. | |||||
| CVE-2025-32579 | 2025-04-11 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in SoftClever Limited Sync Posts allows Upload a Web Shell to a Web Server. This issue affects Sync Posts: from n/a through 1.0. | |||||
| CVE-2024-3229 | 1 Salonbookingsystem | 1 Salon Booking System | 2025-04-11 | N/A | 9.8 CRITICAL |
| The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the SLN_Action_Ajax_ImportAssistants function along with missing authorization checks in all versions up to, and including, 10.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2023-30613 | 1 Kiwitcms | 1 Kiwi Tcms | 2025-04-11 | N/A | 8.1 HIGH |
| Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious actor may upload an `.exe` file or a file containing embedded JavaScript and trick others into clicking on these files, causing vulnerable browsers to execute malicious code on another computer. Kiwi TCMS v12.2 comes with functionality that allows administrators to configure additional upload validator functions which give them more control over what file types are accepted for upload. By default `.exe` are denied. Other files containing the `<script>` tag, regardless of their type are also denied b/c they are a path to XSS attacks. There are no known workarounds aside from upgrading. | |||||
| CVE-2023-45595 | 1 Ailux | 1 Imx6 | 2025-04-11 | N/A | 5.9 MEDIUM |
| A CWE-434 “Unrestricted Upload of File with Dangerous Type” vulnerability in the “file_configuration” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2. | |||||