Total
3074 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25444 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.7. | |||||
| CVE-2023-25365 | 1 Octobercms | 1 October | 2024-11-21 | N/A | 7.8 HIGH |
| Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3 | |||||
| CVE-2023-25132 | 1 Cyberpower | 1 Powerpanel | 2024-11-21 | N/A | 9.1 CRITICAL |
| Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors. | |||||
| CVE-2023-24530 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | N/A | 8.4 HIGH |
| SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On successful exploitation, attacker can perform operations that may completely compromise the application causing high impact on confidentiality, integrity and availability of the application. | |||||
| CVE-2023-24517 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 6.4 MEDIUM |
| Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an attacker to make make use of this issue ( unrestricted file upload ) to execute arbitrary system commands. This issue affects Pandora FMS v767 version and prior versions on all platforms. | |||||
| CVE-2023-24317 | 1 Judging Management System Project | 1 Judging Management System | 2024-11-21 | N/A | 8.1 HIGH |
| Judging Management System 1.0 was discovered to contain an arbitrary file upload vulnerability via the component edit_organizer.php. | |||||
| CVE-2023-24249 | 1 Laravel-admin | 1 Laravel-admin | 2024-11-21 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2023-23970 | 1 Woorockets | 1 Corsa | 2024-11-21 | N/A | 9.9 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in WooRockets Corsa.This issue affects Corsa: from n/a through 1.5. | |||||
| CVE-2023-23937 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A | 8.2 HIGH |
| Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature (p.e. GIF89) and sending any invalid content-type. This could allow an authenticated attacker to upload HTML files with JS content that will be executed in the context of the domain. This issue has been patched in version 10.5.16. | |||||
| CVE-2023-23851 | 1 Sap | 1 Business Planning And Consolidation | 2024-11-21 | N/A | 5.4 MEDIUM |
| SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. If other users visit the uploaded malicious web page, the attacker may perform actions on behalf of the users without their consent impacting the confidentiality and integrity of the system. | |||||
| CVE-2023-23707 | 1 Awsm | 1 Embed Any Document | 2024-11-21 | N/A | 5.9 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Unrestricted Upload of File with Dangerous Type vulnerability in Awsm Innovations Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files allows Stored XSS via upload of SVG and HTML files. This issue affects Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin <= 2.7.1 versions. | |||||
| CVE-2023-23656 | 2024-11-21 | N/A | 10.0 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.This issue affects MainWP File Uploader Extension: from n/a through 4.1. | |||||
| CVE-2023-23607 | 1 Dasherr Project | 1 Dasherr | 2024-11-21 | N/A | 9.8 CRITICAL |
| erohtar/Dasherr is a dashboard for self-hosted services. In affected versions unrestricted file upload allows any unauthenticated user to execute arbitrary code on the server. The file /www/include/filesave.php allows for any file to uploaded to anywhere. If an attacker uploads a php file they can execute code on the server. This issue has been addressed in version 1.05.00. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2023-22937 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | N/A | 4.3 MEDIUM |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl. | |||||
| CVE-2023-22504 | 1 Atlassian | 1 Confluence Server | 2024-11-21 | N/A | 6.5 MEDIUM |
| Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature. | |||||
| CVE-2023-22450 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | N/A | 7.2 HIGH |
| In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution. | |||||
| CVE-2023-20196 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | N/A | 4.7 MEDIUM |
| Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. These vulnerabilities are due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit these vulnerabilities by uploading a crafted file to an affected device. A successful exploit could allow the attacker to store malicious files in specific directories on the device. The attacker could later use those files to conduct additional attacks, including executing arbitrary code on the affected device with root privileges. | |||||
| CVE-2023-20195 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | N/A | 4.7 MEDIUM |
| Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. These vulnerabilities are due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit these vulnerabilities by uploading a crafted file to an affected device. A successful exploit could allow the attacker to store malicious files in specific directories on the device. The attacker could later use those files to conduct additional attacks, including executing arbitrary code on the affected device with root privileges. | |||||
| CVE-2023-20134 | 1 Cisco | 1 Webex Meetings | 2024-11-21 | N/A | 5.4 MEDIUM |
| Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or upload arbitrary files as recordings. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2023-20073 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device. | |||||