Export limit exceeded: 364929 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (4318 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-15580 1 Osticket 1 Osticket 2025-04-20 N/A
osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content.
CVE-2017-15962 1 Istock Management System Project 1 Istock Management System 2025-04-20 N/A
iStock Management System 1.0 allows Arbitrary File Upload via user/profile.
CVE-2017-11326 1 Tilde Cms Project 1 Tilde Cms 2025-04-20 N/A
An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass the implemented restrictions on arbitrary file upload via a filename.+php manipulation.
CVE-2017-1000238 1 Invoiceplane 1 Invoiceplane 2025-04-20 N/A
InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver.
CVE-2013-7426 1 Kamailio 1 Kamailio 2025-04-20 N/A
Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1.
CVE-2017-16949 1 Accesspressthemes 1 Anonymous Post Pro 2025-04-20 N/A
An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php and file-uploader/file-uploader-class.php. This allows the attacker to upload anything they want to the server, as demonstrated by an action=ap_file_upload_action&allowedExtensions[]=php request to /wp-admin/admin-ajax.php that results in a .php file upload and resultant PHP code execution.
CVE-2017-14841 1 Dasinfomedia 1 Annual Maintenance Contract Management System 2025-04-20 N/A
Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling.
CVE-2017-14840 1 Teamworktec 1 Ticketplus 2025-04-20 N/A
TeamWork TicketPlus allows Arbitrary File Upload in updateProfile.
CVE-2015-2780 1 Berta 1 Berta Cms 2025-04-20 N/A
Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
CVE-2017-1000081 1 Onosproject 1 Onos 2025-04-20 9.8 Critical
Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution.
CVE-2017-14839 1 Teamworktec 1 Photo Fusion 2025-04-20 N/A
TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover.
CVE-2017-17987 1 Muslim Matrimonial Script Project 1 Muslim Matrimonial Script 2025-04-20 N/A
PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php.
CVE-2017-14079 1 Trendmicro 1 Mobile Security 2025-04-20 N/A
Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
CVE-2017-9380 1 Open-emr 1 Openemr 2025-04-20 8.8 High
OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.
CVE-2017-11404 1 Cmsmadesimple 1 Cms Made Simple 2025-04-20 N/A
In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php.
CVE-2017-1002003 1 Wp2android-turn-wp-site-into-android-app Project 1 Wp2android-turn-wp-site-into-android-app 2025-04-20 N/A
Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android-app v1.1.4, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
CVE-2017-14346 1 Blog Project 1 Blog 2025-04-20 N/A
upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file.
CVE-2016-6104 1 Ibm 1 Security Key Lifecycle Manager 2025-04-20 N/A
IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system.
CVE-2017-1002008 1 Membership Simplified Project 1 Membership Simplified 2025-04-20 9.8 Critical
Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.
CVE-2017-17874 1 Vanguard Project 1 Marketplace Digital Products Php 2025-04-20 N/A
Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI.