Total: 2929 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-7571 | 1 Yeager | 1 Yeager Cms | 2024-11-21 | N/A |
Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. | ||||
CVE-2015-7341 | 1 Joobi | 1 Jnews | 2024-11-21 | 8.8 High |
JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension. | ||||
CVE-2015-7339 | 1 Widgetfactorylimited | 1 Jce | 2024-11-21 | 8.8 High |
JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an image file to the /com_jce/editor/libraries/classes/browser.php script. | ||||
CVE-2015-6000 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 8.8 High |
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/. | ||||
CVE-2015-5951 | 1 Thomsonreuters | 1 Fatca | 2024-11-21 | 9.9 Critical |
A file upload issue exists in the specid parameter in Thomson Reuters FATCA before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands. | ||||
CVE-2015-5601 | 1 Edx | 1 Edx-platform | 2024-11-21 | N/A |
edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files. | ||||
CVE-2015-4553 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 8.8 High |
A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users to get a shell. | ||||
CVE-2015-4524 | 1 Emc | 5 Documentum Administrator, Documentum Digital Asset Manager, Documentum Taskspace and 2 more | 2024-11-21 | N/A |
Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server. | ||||
CVE-2015-4463 | 1 Efrontlearning | 1 Efront | 2024-11-21 | N/A |
The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL. | ||||
CVE-2015-4462 | 1 Efrontlearning | 1 Efront | 2024-11-21 | N/A |
Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file from url" field in the file manager for professor.php. | ||||
CVE-2015-4455 | 1 Aviary Image Editor Add-on For Gravity Forms Project | 1 Aviary Image Editor Add-on For Gravity Forms | 2024-11-21 | N/A |
Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary. | ||||
CVE-2015-3884 | 1 Qdpm | 1 Qdpm | 2024-11-21 | 8.8 High |
Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/. | ||||
CVE-2015-2780 | 1 Berta | 1 Berta Cms | 2024-11-21 | N/A |
Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | ||||
CVE-2015-1785 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 6.5 Medium |
In the nextgen-gallery WordPress plugin before 2.0.77.3, there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user-uploaded files and in the lack of security measures preventing unwanted HTTP requests. | ||||
CVE-2015-1784 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 8.8 High |
In the nextgen-gallery WordPress plugin before 2.0.77.3, there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user-uploaded files and in the lack of security measures preventing unwanted HTTP requests. | ||||
CVE-2015-10087 | 1 Upthemes | 1 Designfolio-plus | 2024-11-21 | 6.3 Medium |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 53f6ae62878076f99718e5feb589928e83c879a9. It is recommended to apply a patch to fix this issue. The identifier VDB-221809 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
CVE-2015-1000013 | 1 Csv2wpec-coupon Project | 1 Csv2wpec-coupon | 2024-11-21 | N/A |
Remote file upload vulnerability in the WordPress plugin csv2wpec-coupon v1.1. | ||||
CVE-2015-1000001 | 1 Fast-image-adder Project | 1 Fast-image-adder | 2024-11-21 | N/A |
Remote file upload vulnerability in the fast-image-adder v1.1 WordPress plugin. | ||||
CVE-2015-1000000 | 1 Mailcwp Project | 1 Mailcwp | 2024-11-21 | N/A |
Remote file upload vulnerability in the mailcwp v1.99 WordPress plugin. | ||||
CVE-2015-0796 | 1 Opensuse | 1 Open Buildservice | 2024-11-21 | N/A |
In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8, the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break out of confinement or cause denial of service attacks on the source service. | ||||