Total: 2929 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-9268 | 1 Dotclear | 1 Dotclear | 2024-11-21 | N/A |
Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with a zip extension, and then accessing it via unspecified vectors. | ||||
CVE-2016-9187 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. | ||||
CVE-2016-9186 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. | ||||
CVE-2016-8973 | 1 Ibm | 1 Rational Rhapsody Design Manager | 2024-11-21 | N/A |
IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960. | ||||
CVE-2016-8921 | 1 Ibm | 1 Filenet Workplace Xt | 2024-11-21 | N/A |
IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | ||||
CVE-2016-8515 | 1 Hp | 1 Version Control Repository Manager | 2024-11-21 | N/A |
A remote malicious file upload vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6. | ||||
CVE-2016-7902 | 1 Dotclear | 1 Dotclear | 2024-11-21 | N/A |
Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstrated by .php.txt or .php%20. | ||||
CVE-2016-7452 | 1 Exponentcms | 1 Exponent Cms | 2024-11-21 | N/A |
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal. | ||||
CVE-2016-7443 | 1 Exponentcms | 1 Exponent Cms | 2024-11-21 | N/A |
Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location." | ||||
CVE-2016-7095 | 1 Exponentcms | 1 Exponent Cms | 2024-11-21 | N/A |
Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution. | ||||
CVE-2016-6918 | 1 Lexmark | 1 Markvision Enterprise | 2024-11-21 | 9.8 Critical |
Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files. | ||||
CVE-2016-6124 | 1 Ibm | 1 Kenexa Lms On Cloud | 2024-11-21 | N/A |
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | ||||
CVE-2016-6104 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | N/A |
IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system. | ||||
CVE-2016-5050 | 1 Readydesk | 1 Readydesk | 2024-11-21 | N/A |
Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary code by uploading and requesting a .aspx file. | ||||
CVE-2016-1713 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | N/A |
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000. | ||||
CVE-2016-11020 | 1 Kunena | 1 Kunena | 2024-11-21 | 9.8 Critical |
Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution. | ||||
CVE-2016-10995 | 1 Templatic | 1 Telvolution | 2024-11-21 | 9.8 Critical |
The Tevolution plugin before 2.3.0 for WordPress has arbitrary file upload via single_upload.php or single-upload.php. | ||||
CVE-2016-10959 | 1 Estatik | 1 Estatik | 2024-11-21 | 6.5 Medium |
The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php. | ||||
CVE-2016-10958 | 1 Estatik | 1 Estatik | 2024-11-21 | 7.5 High |
The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php. | ||||
CVE-2016-10955 | 1 Cysteme | 1 Cysteme-finder | 2024-11-21 | 9.8 Critical |
The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking. |