Search Results (4292 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-8249 1 Manageengine 1 Desktop Central 2025-04-20 N/A
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.
CVE-2017-15054 1 Teampass 1 Teampass 2025-04-20 N/A
An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. To exploit this vulnerability, an authenticated attacker has to tamper with parameters of a request to upload.files.php, in order to select the correct branch and be able to upload any arbitrary file. From there, it can simply access the file to execute code on the server.
CVE-2017-14958 1 Pivotx 1 Pivotx 2025-04-20 N/A
lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file.
CVE-2017-13156 1 Google 1 Android 2025-04-20 N/A
An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.
CVE-2016-0354 1 Ibm 1 Sametime 2025-04-20 N/A
IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which could be executed with user privileges. IBM X-Force ID: 111893.
CVE-2017-8862 1 Cohuhd 2 3960hd, 3960hd Firmware 2025-04-20 N/A
The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with "root" privileges.
CVE-2017-9080 1 Playsms 1 Playsms 2025-04-20 N/A
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection.
CVE-2016-1713 1 Vtiger 1 Vtiger Crm 2025-04-20 N/A
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000.
CVE-2017-9840 1 Dolibarr 1 Dolibarr 2025-04-20 N/A
Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application.
CVE-2017-14839 1 Teamworktec 1 Photo Fusion 2025-04-20 N/A
TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover.
CVE-2017-12678 2 Debian, Taglib 2 Debian Linux, Taglib 2025-04-20 8.8 High
In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file.
CVE-2017-11154 1 Synology 1 Photo Station 2025-04-20 N/A
Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter.
CVE-2017-1002008 1 Membership Simplified Project 1 Membership Simplified 2025-04-20 9.8 Critical
Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.
CVE-2017-1000081 1 Onosproject 1 Onos 2025-04-20 9.8 Critical
Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution.
CVE-2017-14251 1 Typo3 1 Typo3 2025-04-20 N/A
Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.
CVE-2017-14841 1 Dasinfomedia 1 Annual Maintenance Contract Management System 2025-04-20 N/A
Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling.
CVE-2017-6090 1 Phpcollab 1 Phpcollab 2025-04-20 N/A
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/.
CVE-2017-14079 1 Trendmicro 1 Mobile Security 2025-04-20 N/A
Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
CVE-2017-4990 1 Emc 1 Avamar Server 2025-04-20 N/A
In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system.
CVE-2017-9650 2 Automatedlogic, Carrier 3 I-vu, Sitescan Web, Automatedlogic Webctrl 2025-04-20 N/A
An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to upload a malicious file allowing the execution of arbitrary code.