Export limit exceeded: 16514 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4322 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7989 | 1 Joomla | 1 Joomla\! | 2025-04-20 | N/A |
| In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden. | ||||
| CVE-2017-9364 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | N/A |
| Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code. | ||||
| CVE-2017-9380 | 1 Open-emr | 1 Openemr | 2025-04-20 | 8.8 High |
| OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application. | ||||
| CVE-2017-16941 | 1 Octobercms | 1 October | 2025-04-20 | N/A |
| October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file and a .htaccess file. NOTE: the vendor says "I don't think [an attacker able to login to the system under an account that has access to manage/upload themes] is a threat model that we need to be considering. | ||||
| CVE-2016-0354 | 1 Ibm | 1 Sametime | 2025-04-20 | N/A |
| IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which could be executed with user privileges. IBM X-Force ID: 111893. | ||||
| CVE-2015-7571 | 1 Yeager | 1 Yeager Cms | 2025-04-20 | N/A |
| Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. | ||||
| CVE-2015-4463 | 1 Efrontlearning | 1 Efront | 2025-04-20 | N/A |
| The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL. | ||||
| CVE-2015-4462 | 1 Efrontlearning | 1 Efront | 2025-04-20 | N/A |
| Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file from url" field in the file manager for professor.php. | ||||
| CVE-2015-4455 | 1 Aviary Image Editor Add-on For Gravity Forms Project | 1 Aviary Image Editor Add-on For Gravity Forms | 2025-04-20 | N/A |
| Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary. | ||||
| CVE-2017-15990 | 1 Savsofteproducts | 1 Phpinventory | 2025-04-20 | 9.8 Critical |
| Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/. | ||||
| CVE-2013-7426 | 1 Kamailio | 1 Kamailio | 2025-04-20 | N/A |
| Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1. | ||||
| CVE-2017-1000081 | 1 Onosproject | 1 Onos | 2025-04-20 | 9.8 Critical |
| Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution. | ||||
| CVE-2017-17987 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2025-04-20 | N/A |
| PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php. | ||||
| CVE-2017-1000119 | 1 Octobercms | 1 October | 2025-04-20 | N/A |
| October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server. | ||||
| CVE-2017-10940 | 1 Joyent | 1 Triton Datacenter | 2025-04-20 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the docker API. The process does not properly validate user-supplied data which can allow for the upload of arbitrary files. An attacker can leverage this vulnerability to execute arbitrary code under the context of root. Was ZDI-CAN-3853. | ||||
| CVE-2017-11756 | 1 Earcms | 1 Ear Music | 2025-04-20 | N/A |
| In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=config_upload, and then using user.php/music/add/ to upload the code. | ||||
| CVE-2017-13156 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847. | ||||
| CVE-2017-14251 | 1 Typo3 | 1 Typo3 | 2025-04-20 | N/A |
| Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code. | ||||
| CVE-2017-14346 | 1 Blog Project | 1 Blog | 2025-04-20 | N/A |
| upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file. | ||||
| CVE-2017-14399 | 1 Blackcat-cms | 1 Blackcat Cms | 2025-04-20 | N/A |
| In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php. | ||||