Total
2956 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9402 | 1 Usersultra | 1 Users Ultra Membership | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload. | |||||
| CVE-2015-9341 | 1 Iptanus | 1 Wordpress File Upload | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files. | |||||
| CVE-2015-9340 | 1 Iptanus | 1 Wordpress File Upload | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files. | |||||
| CVE-2015-9339 | 1 Iptanus | 1 Wordpress File Upload | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files. | |||||
| CVE-2015-9338 | 1 Iptanus | 1 Wordpress File Upload | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files. | |||||
| CVE-2015-9271 | 1 Videowhisper | 1 Video Conference | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The VideoWhisper videowhisper-video-conference-integration plugin 4.91.8 for WordPress allows remote attackers to execute arbitrary code because vc/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code, a different vulnerability than CVE-2014-1905. | |||||
| CVE-2015-9263 | 1 Idera | 1 Uptime Infrastructure Monitor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands. | |||||
| CVE-2015-9259 | 1 Docker | 1 Notary | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json file. | |||||
| CVE-2015-7341 | 1 Joobi | 1 Jnews | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension. | |||||
| CVE-2015-7339 | 1 Widgetfactorylimited | 1 Jce | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an image file to the /com_jce/editor/libraries/classes/browser.php script. | |||||
| CVE-2015-6000 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/. | |||||
| CVE-2015-5951 | 1 Thomsonreuters | 1 Fatca | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
| A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands. | |||||
| CVE-2015-5601 | 1 Edx | 1 Edx-platform | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files. | |||||
| CVE-2015-4553 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users getshell. | |||||
| CVE-2015-1784 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests. | |||||
| CVE-2015-10087 | 1 Upthemes | 1 Designfolio-plus | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 53f6ae62878076f99718e5feb589928e83c879a9. It is recommended to apply a patch to fix this issue. The identifier VDB-221809 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2015-0258 | 3 Canonical, Debian, O-dyn | 3 Ubuntu Linux, Debian Linux, Collabtive | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension. | |||||
| CVE-2014-8739 | 2 Creative-solutions, Jquery File Upload Project | 2 Creative Contact Form, Jquery File Upload | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014. | |||||
| CVE-2014-8516 | 1 Cloudfastpath | 1 Netcharts Server | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | |||||
| CVE-2014-8337 | 1 Helpdezk | 1 Helpdezk | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. | |||||