Total
2929 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-10954 | 1 Dynamicpress | 1 Neosense | 2024-11-21 | 9.8 Critical |
| The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload. | ||||
| CVE-2016-10758 | 1 Phpkit | 1 Phpkit | 2024-11-21 | N/A |
| PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the image_name parameter. | ||||
| CVE-2016-10752 | 1 S9y | 1 Serendipity | 2024-11-21 | N/A |
| serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename. | ||||
| CVE-2016-10751 | 1 Osclass | 1 Osclass | 2024-11-21 | N/A |
| osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. This is exploitable for remote PHP code execution because an administrator can upload an image that contains PHP code in the EXIF data via index.php?page=ajax&action=ajax_upload. | ||||
| CVE-2016-10258 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code. | ||||
| CVE-2016-10036 | 1 Jfrog | 1 Artifactory | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file. | ||||
| CVE-2016-0354 | 1 Ibm | 1 Sametime | 2024-11-21 | N/A |
| IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which could be executed with user privileges. IBM X-Force ID: 111893. | ||||
| CVE-2015-9499 | 1 Themepunch | 1 Showbiz Pro | 2024-11-21 | 9.8 Critical |
| The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive. | ||||
| CVE-2015-9479 | 1 Advancedcustomfields | 1 Acf Fronted Display | 2024-11-21 | 9.8 Critical |
| The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php. | ||||
| CVE-2015-9471 | 1 Digitalzoomstudio | 1 Zoomsounds | 2024-11-21 | 9.8 Critical |
| The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload. | ||||
| CVE-2015-9402 | 1 Usersultra | 1 Users Ultra Membership | 2024-11-21 | 8.8 High |
| The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload. | ||||
| CVE-2015-9341 | 1 Iptanus | 1 Wordpress File Upload | 2024-11-21 | N/A |
| The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files. | ||||
| CVE-2015-9340 | 1 Iptanus | 1 Wordpress File Upload | 2024-11-21 | N/A |
| The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files. | ||||
| CVE-2015-9339 | 1 Iptanus | 1 Wordpress File Upload | 2024-11-21 | N/A |
| The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files. | ||||
| CVE-2015-9338 | 1 Iptanus | 1 Wordpress File Upload | 2024-11-21 | N/A |
| The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files. | ||||
| CVE-2015-9271 | 1 Videowhisper | 1 Video Conference | 2024-11-21 | N/A |
| The VideoWhisper videowhisper-video-conference-integration plugin 4.91.8 for WordPress allows remote attackers to execute arbitrary code because vc/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code, a different vulnerability than CVE-2014-1905. | ||||
| CVE-2015-9263 | 1 Idera | 1 Uptime Infrastructure Monitor | 2024-11-21 | N/A |
| An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands. | ||||
| CVE-2015-9259 | 1 Docker | 1 Notary | 2024-11-21 | N/A |
| In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json file. | ||||
| CVE-2015-9228 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | N/A |
| In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php. | ||||
| CVE-2015-8249 | 1 Manageengine | 1 Desktop Central | 2024-11-21 | N/A |
| The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter. | ||||