Search
Search Results (3890 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-38388 | 2024-08-06 | 9 Critical | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.This issue affects JupiterX Core: from n/a through 3.3.5. | ||||
| CVE-2013-7426 | 1 Kamailio | 1 Kamailio | 2024-08-06 | N/A |
| Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1. | ||||
| CVE-2013-7390 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-08-06 | 9.8 Critical |
| Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot. | ||||
| CVE-2013-6358 | 1 Prestashop | 1 Prestashop | 2024-08-06 | 8.8 High |
| PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory. | ||||
| CVE-2013-4796 | 1 Reviewboard | 1 Reviewboard | 2024-08-06 | 8.8 High |
| ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request | ||||
| CVE-2024-7506 | 1 Itsourcecode | 1 Tailoring Management System | 2024-08-06 | 6.3 Medium |
| A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /setlogo.php. The manipulation of the argument bgimg leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273649 was assigned to this vulnerability. | ||||
| CVE-2024-7495 | 2024-08-06 | 6.3 Medium | ||
| A vulnerability, which was classified as critical, was found in itsourcecode Laravel Accounting System 1.0. This affects an unknown part of the file app/Http/Controllers/HomeController.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273621 was assigned to this vulnerability. | ||||
| CVE-2024-7484 | 1 Crmperks | 1 Crm Perks Forms | 2024-08-06 | 7.2 High |
| The CRM Perks Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'handle_uploaded_files' function in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2024-7500 | 1 Itsourcecode | 1 Airline Reservation System | 2024-08-06 | 6.3 Medium |
| A vulnerability was found in itsourcecode Airline Reservation System 1.0. It has been rated as critical. Affected by this issue is the function save_settings of the file admin/admin_class.php. The manipulation of the argument img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273626 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-7257 | 1 Yaycommerce | 1 Yayextra | 2024-08-05 | 9.8 Critical |
| The YayExtra – WooCommerce Extra Product Options plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_upload_file function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||