Total
2929 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-15580 | 1 Osticket | 1 Osticket | 2024-11-21 | N/A |
| osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content. | ||||
| CVE-2017-15549 | 1 Emc | 3 Avamar Server, Integrated Data Protection Appliance, Networker | 2024-11-21 | N/A |
| An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system. | ||||
| CVE-2017-15054 | 1 Teampass | 1 Teampass | 2024-11-21 | N/A |
| An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. To exploit this vulnerability, an authenticated attacker has to tamper with parameters of a request to upload.files.php, in order to select the correct branch and be able to upload any arbitrary file. From there, it can simply access the file to execute code on the server. | ||||
| CVE-2017-14958 | 1 Pivotx | 1 Pivotx | 2024-11-21 | N/A |
| lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file. | ||||
| CVE-2017-14841 | 1 Dasinfomedia | 1 Annual Maintenance Contract Management System | 2024-11-21 | N/A |
| Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling. | ||||
| CVE-2017-14840 | 1 Teamworktec | 1 Ticketplus | 2024-11-21 | N/A |
| TeamWork TicketPlus allows Arbitrary File Upload in updateProfile. | ||||
| CVE-2017-14839 | 1 Teamworktec | 1 Photo Fusion | 2024-11-21 | N/A |
| TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover. | ||||
| CVE-2017-14838 | 1 Teamworktec | 1 Job Links | 2024-11-21 | N/A |
| TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange. | ||||
| CVE-2017-14704 | 1 Claydip | 1 Airbnb Clone | 2024-11-21 | N/A |
| Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile. | ||||
| CVE-2017-14521 | 1 Wondercms | 1 Wondercms | 2024-11-21 | N/A |
| In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload. | ||||
| CVE-2017-14399 | 1 Blackcat-cms | 1 Blackcat Cms | 2024-11-21 | N/A |
| In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php. | ||||
| CVE-2017-14346 | 1 Blog Project | 1 Blog | 2024-11-21 | N/A |
| upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file. | ||||
| CVE-2017-14251 | 1 Typo3 | 1 Typo3 | 2024-11-21 | N/A |
| Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code. | ||||
| CVE-2017-14123 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2024-11-21 | 8.8 High |
| Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demonstrated by /itplus/FileStorage/302/shell.jsp. | ||||
| CVE-2017-14079 | 1 Trendmicro | 1 Mobile Security | 2024-11-21 | N/A |
| Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | ||||
| CVE-2017-14050 | 1 Blackcat-cms | 1 Blackcat Cms | 2024-11-21 | N/A |
| In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file. | ||||
| CVE-2017-13982 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2024-11-21 | N/A |
| A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. | ||||
| CVE-2017-13156 | 1 Google | 1 Android | 2024-11-21 | N/A |
| An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847. | ||||
| CVE-2017-12929 | 1 Tecnovision | 1 Dlx Spot Player4 | 2024-11-21 | N/A |
| Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. | ||||
| CVE-2017-12678 | 2 Debian, Taglib | 2 Debian Linux, Taglib | 2024-11-21 | 8.8 High |
| In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. | ||||