Total
2982 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5144 | 1 Dlink | 4 Dar-7000, Dar-7000 Firmware, Dar-8000 and 1 more | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /sysmanage/updateos.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240240. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. | |||||
| CVE-2023-5034 | 1 My Food Recipe Project | 1 My Food Recipe | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as problematic was found in SourceCodester My Food Recipe 1.0. This vulnerability affects unknown code of the file index.php of the component Image Upload Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239878 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-52324 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | N/A | 8.8 HIGH |
| An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installations. Please note: although authentication is required to exploit this vulnerability, this vulnerability could be exploited when the attacker has any valid set of credentials. Also, this vulnerability could be potentially used in combination with another vulnerability to execute arbitrary code. | |||||
| CVE-2023-52221 | 1 Ukrsolution | 1 Barcode Scanner And Inventory Manager | 2024-11-21 | N/A | 10.0 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager.This issue affects Barcode Scanner and Inventory manager: from n/a through 1.5.1. | |||||
| CVE-2023-52086 | 1 Startutorial | 1 Php Backend For Resumable.js | 2024-11-21 | N/A | 8.1 HIGH |
| resumable.php (aka PHP backend for resumable.js) 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. (File overwrite hasn't been possible with the code available in GitHub in recent years, however.) | |||||
| CVE-2023-51928 | 1 Yonyou | 1 Yonbip | 2024-11-21 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2023-51925 | 1 Yonyou | 1 Yonbip | 2024-11-21 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2023-51924 | 1 Yonyou | 1 Yonbip | 2024-11-21 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2023-51806 | 1 Ujcms | 1 Ujcms | 2024-11-21 | N/A | 5.4 MEDIUM |
| File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file. | |||||
| CVE-2023-51590 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Voltronic Power ViewPower Pro UpLoadAction Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UpLoadAction class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22080. | |||||
| CVE-2023-51475 | 1 Wpmlmsoftware | 1 Wp Mlm Unilevel | 2024-11-21 | N/A | 10.0 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in IOSS WP MLM SOFTWARE PLUGIN.This issue affects WP MLM SOFTWARE PLUGIN: from n/a through 4.0. | |||||
| CVE-2023-51473 | 1 Pixelemu | 1 Terraclassifieds | 2024-11-21 | N/A | 10.0 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin.This issue affects TerraClassifieds – Simple Classifieds Plugin: from n/a through 2.0.3. | |||||
| CVE-2023-51468 | 1 Boiteasite | 1 Download Rencontre - Dating Site | 2024-11-21 | N/A | 10.0 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre – Dating Site.This issue affects Rencontre – Dating Site: from n/a through 3.10.1. | |||||
| CVE-2023-51421 | 1 Soft8soft | 1 Verge3d | 2024-11-21 | N/A | 9.9 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2. | |||||
| CVE-2023-51419 | 1 Bertha | 1 Bertha Ai | 2024-11-21 | N/A | 10.0 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome.This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through 1.11.10.7. | |||||
| CVE-2023-51417 | 1 Jorisvm | 1 Jvm Gutenberg Rich Text Icons | 2024-11-21 | N/A | 9.9 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Joris van Montfort JVM Gutenberg Rich Text Icons.This issue affects JVM Gutenberg Rich Text Icons: from n/a through 1.2.3. | |||||
| CVE-2023-51412 | 1 Piotnet | 1 Piotnet Forms | 2024-11-21 | N/A | 9.0 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms.This issue affects Piotnet Forms: from n/a through 1.0.25. | |||||
| CVE-2023-51411 | 1 Dynamiapps | 1 Frontend Admin | 2024-11-21 | N/A | 10.0 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps.This issue affects Frontend Admin by DynamiApps: from n/a through 3.18.3. | |||||
| CVE-2023-51410 | 1 Wpvibes | 1 Wp Mail Log | 2024-11-21 | N/A | 9.9 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log.This issue affects WP Mail Log: from n/a through 1.1.2. | |||||
| CVE-2023-51034 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface. | |||||