Total
4066 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4183 | 1 Opensuse | 1 Open Build Service | 2026-06-16 | 7.5 HIGH | 6.5 MEDIUM |
| A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16. | |||||
| CVE-2011-2933 | 1 Websitebaker | 1 Websitebaker | 2026-06-16 | 6.5 MEDIUM | 7.2 HIGH |
| An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions. | |||||
| CVE-2011-1597 | 1 Openvas | 1 Openvas Manager | 2026-06-16 | 6.5 MEDIUM | 8.8 HIGH |
| OpenVAS Manager v2.0.3 allows plugin remote code execution. | |||||
| CVE-2011-1134 | 1 S9y | 1 Serendipity | 2026-06-16 | 7.5 HIGH | 9.8 CRITICAL |
| Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager. | |||||
| CVE-2011-10041 | 2026-06-16 | N/A | N/A | ||
| Uploadify WordPress plugin versions up to and including 1.0 contain an arbitrary file upload vulnerability in process_upload.php due to missing file type validation. An unauthenticated remote attacker can upload arbitrary files to the affected WordPress site, which may allow remote code execution by uploading executable content to a web-accessible location. | |||||
| CVE-2011-10004 | 1 Reciply Project | 1 Reciply | 2026-06-16 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. It has been rated as critical. This issue affects some unknown processing of the file uploadImage.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The identifier of the patch is e3ff616dc08d3aadff9253f1085e13f677d0c676. It is recommended to upgrade the affected component. The identifier VDB-242189 was assigned to this vulnerability. | |||||
| CVE-2010-4661 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Opensuse and 2 more | 2026-06-16 | 4.6 MEDIUM | 7.8 HIGH |
| udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. | |||||
| CVE-2010-3663 | 1 Typo3 | 1 Typo3 | 2026-06-16 | 6.5 MEDIUM | 8.8 HIGH |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend. | |||||
| CVE-2010-1433 | 1 Joomla | 1 Joomla\! | 2026-06-16 | 7.5 HIGH | 9.8 CRITICAL |
| Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | |||||
| CVE-2009-20011 | 2026-06-16 | N/A | N/A | ||
| ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 are vulnerable to remote command execution due to insecure handling of file uploads via the mimencode CGI utility. The vulnerability allows unauthenticated attackers to upload and execute arbitrary scripts as the Apache user. Additionally, the exploit can optionally escalate privileges by abusing insecure PATH usage in the benetool binary, resulting in root-level access if successful. | |||||
| CVE-2009-20006 | 2026-06-16 | N/A | N/A | ||
| osCommerce versions up to and including 2.2 RC2a contain a vulnerability in its administrative file manager utility (admin/file_manager.php). The interface allows file uploads and edits without sufficient input validation or access control. An unauthenticated attacker can craft a POST request to upload a .php file containing arbitrary code, which is then executed by the server. | |||||
| CVE-2006-6994 | 1 Indirmax.org | 1 Ozzywork Galeri | 2026-06-16 | 6.4 MEDIUM | N/A |
| Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, possibly 2.0 and earlier, allows remote attackers to upload and execute arbitrary ASP files by removing the client-side security checks. | |||||
| CVE-2006-5845 | 1 Speedywiki | 1 Speedywiki | 2026-06-16 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 allows remote authenticated users to upload and execute arbitrary PHP code by setting the upload parameter to 1. | |||||
| CVE-2006-4558 | 1 Deluxebb | 1 Deluxebb | 2026-06-16 | 7.5 HIGH | N/A |
| DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php. | |||||
| CVE-2006-4471 | 1 Joomla | 1 Joomla\! | 2026-06-16 | 6.5 MEDIUM | N/A |
| The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors. | |||||
| CVE-2006-2428 | 1 Duware Dubanner Project | 1 Duware Dubanner | 2026-06-16 | 7.5 HIGH | N/A |
| add.asp in DUware DUbanner 3.1 allows remote attackers to execute arbitrary code by uploading files with arbitrary extensions, such as ASP files, probably due to client-side enforcement that can be bypassed. NOTE: some of these details are obtained from third party information, since the raw source is vague. | |||||
| CVE-2005-3288 | 1 Rockliffe | 1 Mailsite Express | 2026-06-16 | 5.0 MEDIUM | N/A |
| Mailsite Express allows remote attackers to upload and execute files with executable extensions such as ASP by attaching the file using the "compose page" feature, then accessing the file from the cache directory before saving or sending the message. | |||||
| CVE-2005-1881 | 1 Yapig | 1 Yapig | 2026-06-16 | 7.5 HIGH | N/A |
| upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code. | |||||
| CVE-2005-1868 | 1 Yvesglodt | 1 I-man | 2026-06-16 | 7.5 HIGH | N/A |
| I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension. | |||||
| CVE-2005-0254 | 1 Guillaumegardey | 1 Biborb | 2026-06-16 | 4.3 MEDIUM | 3.7 LOW |
| BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those files. | |||||