Search Results (4145 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-7695 1 Bigtreecms 1 Bigtree Cms 2025-04-20 N/A
Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code.
CVE-2017-7281 1 Unitrends 1 Enterprise Backup 2025-04-20 N/A
An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows for an authenticated user to create a randomly named file on disk with a user-controlled extension, contents, and path, leading to remote code execution, aka Unrestricted File Upload.
CVE-2017-12678 2 Debian, Taglib 2 Debian Linux, Taglib 2025-04-20 8.8 High
In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file.
CVE-2017-12332 1 Cisco 2 Nx-os, Unified Computing System 2025-04-20 N/A
A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installing a crafted patch image on an affected device. The vulnerable operation occurs prior to patch activation. An exploit could allow the attacker to write arbitrary files on an affected system as root. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf16513, CSCvf23794, CSCvf23832.
CVE-2017-11404 1 Cmsmadesimple 1 Cms Made Simple 2025-04-20 N/A
In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php.
CVE-2017-11326 1 Tilde Cms Project 1 Tilde Cms 2025-04-20 N/A
An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass the implemented restrictions on arbitrary file upload via a filename.+php manipulation.
CVE-2016-8973 1 Ibm 1 Rational Rhapsody Design Manager 2025-04-20 N/A
IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960.
CVE-2017-16949 1 Accesspressthemes 1 Anonymous Post Pro 2025-04-20 N/A
An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php and file-uploader/file-uploader-class.php. This allows the attacker to upload anything they want to the server, as demonstrated by an action=ap_file_upload_action&allowedExtensions[]=php request to /wp-admin/admin-ajax.php that results in a .php file upload and resultant PHP code execution.
CVE-2017-16941 1 Octobercms 1 October 2025-04-20 N/A
October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file and a .htaccess file. NOTE: the vendor says "I don't think [an attacker able to login to the system under an account that has access to manage/upload themes] is a threat model that we need to be considering.
CVE-2016-1713 1 Vtiger 1 Vtiger Crm 2025-04-20 N/A
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000.
CVE-2017-14841 1 Dasinfomedia 1 Annual Maintenance Contract Management System 2025-04-20 N/A
Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling.
CVE-2017-14840 1 Teamworktec 1 Ticketplus 2025-04-20 N/A
TeamWork TicketPlus allows Arbitrary File Upload in updateProfile.
CVE-2017-14839 1 Teamworktec 1 Photo Fusion 2025-04-20 N/A
TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover.
CVE-2017-14838 1 Teamworktec 1 Job Links 2025-04-20 N/A
TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange.
CVE-2016-0354 1 Ibm 1 Sametime 2025-04-20 N/A
IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which could be executed with user privileges. IBM X-Force ID: 111893.
CVE-2014-9312 1 10web 1 Photo Gallery 2025-04-20 N/A
Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.
CVE-2017-14704 1 Claydip 1 Airbnb Clone 2025-04-20 N/A
Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile.
CVE-2017-3108 1 Adobe 1 Experience Manager 2025-04-20 N/A
Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability.
CVE-2017-9840 1 Dolibarr 1 Dolibarr 2025-04-20 N/A
Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application.
CVE-2016-6104 1 Ibm 1 Security Key Lifecycle Manager 2025-04-20 N/A
IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system.