Total
3074 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28700 | 1 Itpison | 1 Omicard Edm | 2024-11-21 | N/A | 6.8 MEDIUM |
| OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. | |||||
| CVE-2023-28699 | 1 Wddgroup | 1 Fantasy | 2024-11-21 | N/A | 8.8 HIGH |
| Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disrupt service. | |||||
| CVE-2023-28482 | 1 Tigergraph | 1 Tigergraph | 2024-11-21 | N/A | 6.5 MEDIUM |
| An issue was discovered in Tigergraph Enterprise 3.7.0. A single TigerGraph instance can host multiple graphs that are accessed by multiple different users. The TigerGraph platform does not protect the confidentiality of any data uploaded to the remote server. In this scenario, any user that has permissions to upload data can browse data uploaded by any other user (irrespective of their permissions). | |||||
| CVE-2023-28480 | 1 Tigergraph | 1 Tigergraph | 2024-11-21 | N/A | 6.5 MEDIUM |
| An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform allows users to define new User Defined Functions (UDFs) from C/C++ code. To support this functionality TigerGraph allows users to upload custom C/C++ code which is then compiled and installed into the platform. An attacker who has filesystem access on a remote TigerGraph system can alter the behavior of the database against the will of the database administrator; thus effectively bypassing the built in RBAC controls. | |||||
| CVE-2023-28337 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the device. | |||||
| CVE-2023-28170 | 1 Themely | 1 Theme Demo Import | 2024-11-21 | N/A | 9.1 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Themely Theme Demo Import.This issue affects Theme Demo Import: from n/a through 1.1.1. | |||||
| CVE-2023-27881 | 1 Ptc | 1 Vuforia Studio | 2024-11-21 | N/A | 8.0 HIGH |
| A user could use the “Upload Resource” functionality to upload files to any location on the disk. | |||||
| CVE-2023-27757 | 1 Perfree | 1 Perfreeblog | 2024-11-21 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file. | |||||
| CVE-2023-27440 | 2024-11-21 | N/A | 7.2 HIGH | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in OnTheGoSystems Types.This issue affects Types: from n/a through 3.4.17. | |||||
| CVE-2023-27235 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file. | |||||
| CVE-2023-27164 | 1 Halo | 1 Halo | 2024-11-21 | N/A | 4.8 MEDIUM |
| An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file. | |||||
| CVE-2023-27083 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | N/A | 7.2 HIGH |
| An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality. | |||||
| CVE-2023-26949 | 1 Onekeyadmin | 1 Onekeyadmin | 2024-11-21 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2023-26775 | 1 Monitorr | 1 Monitorr | 2024-11-21 | N/A | 7.8 HIGH |
| File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint. | |||||
| CVE-2023-26762 | 1 Smeup | 1 Erp | 2024-11-21 | N/A | 8.8 HIGH |
| Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary file upload vulnerability. | |||||
| CVE-2023-26578 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 8.8 HIGH |
| Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server. | |||||
| CVE-2023-25970 | 1 Zendrop | 1 Zendrop | 2024-11-21 | N/A | 10.0 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Zendrop Zendrop – Global Dropshipping.This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0. | |||||
| CVE-2023-25909 | 1 Hgiga | 1 Oaklouds Portal | 2024-11-21 | N/A | 9.8 CRITICAL |
| HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary command or disrupt service. | |||||
| CVE-2023-25655 | 1 Basercms | 1 Basercms | 2024-11-21 | N/A | 9.8 CRITICAL |
| baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch. | |||||
| CVE-2023-25654 | 1 Basercms | 1 Basercms | 2024-11-21 | N/A | 9.8 CRITICAL |
| baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch. | |||||