Total
2195 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5520 | 1 Metalgenix | 1 Genixcms | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions. | |||||
| CVE-2015-1000000 | 1 Mailcwp Project | 1 Mailcwp | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| Remote file upload vulnerability in mailcwp v1.99 wordpress plugin | |||||
| CVE-2016-9186 | 1 Moodle | 1 Moodle | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. | |||||
| CVE-2015-4524 | 1 Emc | 5 Documentum Administrator, Documentum Digital Asset Manager, Documentum Taskspace and 2 more | 2023-12-10 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server. | |||||
| CVE-2015-1000001 | 1 Fast-image-adder Project | 1 Fast-image-adder | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin | |||||
| CVE-2016-9187 | 1 Moodle | 1 Moodle | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. | |||||
| CVE-2016-2914 | 1 Ibm | 1 Rational Publishing Engine | 2023-12-10 | 5.5 MEDIUM | 5.4 MEDIUM |
| Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specifying an unexpected file extension. | |||||
| CVE-2016-7095 | 1 Exponentcms | 1 Exponent Cms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution. | |||||
| CVE-2016-5050 | 1 Readydesk | 1 Readydesk | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary code by uploading and requesting a .aspx file. | |||||
| CVE-2015-1000013 | 1 Csv2wpec-coupon Project | 1 Csv2wpec-coupon | 2023-12-10 | 5.0 MEDIUM | 7.8 HIGH |
| Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1 | |||||
| CVE-2016-7452 | 1 Exponentcms | 1 Exponent Cms | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal. | |||||
| CVE-2015-0702 | 1 Cisco | 1 Unified Meetingplace | 2023-12-10 | 9.0 HIGH | N/A |
| Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712. | |||||
| CVE-2006-4471 | 1 Joomla | 1 Joomla\! | 2023-12-10 | 6.5 MEDIUM | N/A |
| The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors. | |||||
| CVE-2001-1099 | 2 Microsoft, Symantec | 2 Exchange Server, Norton Antivirus | 2023-12-10 | 5.0 MEDIUM | N/A |
| The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice. | |||||
| CVE-2001-0340 | 1 Microsoft | 1 Exchange Server | 2023-12-10 | 7.5 HIGH | N/A |
| An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically. | |||||