Total
3040 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-10004 | 1 Reciply Project | 1 Reciply | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. It has been rated as critical. This issue affects some unknown processing of the file uploadImage.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The identifier of the patch is e3ff616dc08d3aadff9253f1085e13f677d0c676. It is recommended to upgrade the affected component. The identifier VDB-242189 was assigned to this vulnerability. | ||||
| CVE-2010-4661 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Opensuse and 2 more | 2024-11-21 | 7.8 High |
| udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. | ||||
| CVE-2010-3663 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 8.8 High |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend. | ||||
| CVE-2010-1433 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 9.8 Critical |
| Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | ||||
| CVE-2024-52429 | 2 Anton Hoelstad, Antonhoelstad | 2 Wp Quick Setup, Wp Quick Setup | 2024-11-20 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Anton Hoelstad WP Quick Setup allows Upload a Web Shell to a Web Server.This issue affects WP Quick Setup: from n/a through 2.0. | ||||
| CVE-2024-11311 | 1 Trcore | 1 Dvc | 2024-11-20 | 9.8 Critical |
| The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | ||||
| CVE-2024-11312 | 1 Trcore | 1 Dvc | 2024-11-20 | 9.8 Critical |
| The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | ||||
| CVE-2024-11313 | 1 Trcore | 1 Dvc | 2024-11-20 | 9.8 Critical |
| The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | ||||
| CVE-2024-11314 | 1 Trcore | 1 Dvc | 2024-11-20 | 9.8 Critical |
| The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | ||||
| CVE-2024-11315 | 1 Trcore | 1 Dvc | 2024-11-20 | 9.8 Critical |
| The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | ||||
| CVE-2024-51499 | 2024-11-19 | N/A | ||
| MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the update_files method of the SubmissionsController allows authenticated users (e.g. students) to write arbitrary files to any location on the web server MarkUs is running on (depending on the permissions of the underlying filesystem). e.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading. | ||||
| CVE-2024-51743 | 1 Markusproject | 1 Markus | 2024-11-19 | 8.8 High |
| MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability in the update/upload/create file methods in Controllers allows authenticated instructors to write arbitrary files to any location on the web server MarkUs is running on (depending on the permissions of the underlying filesystem). e.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading. | ||||
| CVE-2024-10820 | 2 Vanquish, Woocommerce | 2 Woocommerce Upload Files, Upload Files | 2024-11-19 | 9.8 Critical |
| The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2024-11214 | 2 Mayurik, Sourcecodester | 2 Best Employee Management System, Best Employee Management System | 2024-11-19 | 4.7 Medium |
| A vulnerability has been found in SourceCodester Best Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure contains confusing vulnerability classes. | ||||
| CVE-2024-52405 | 1 Bikram Joshi | 1 B-banner Slider | 2024-11-19 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Bikram Joshi B-Banner Slider allows Upload a Web Shell to a Web Server.This issue affects B-Banner Slider: from n/a through 1.1. | ||||
| CVE-2024-52400 | 1 Subhasis Laha | 1 Gallerio | 2024-11-19 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Subhasis Laha Gallerio allows Upload a Web Shell to a Web Server.This issue affects Gallerio: from n/a through 1.01. | ||||
| CVE-2024-52399 | 1 Clarisse K | 1 Writer Helper | 2024-11-19 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Clarisse K. Writer Helper allows Upload a Web Shell to a Web Server.This issue affects Writer Helper: from n/a through 3.1.6. | ||||
| CVE-2024-52398 | 1 Halyra | 1 Cdi | 2024-11-19 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI.This issue affects CDI: from n/a through 5.5.3. | ||||
| CVE-2024-52397 | 1 Davorzeljkovic | 1 Convert Docx2post | 2024-11-19 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Davor Zeljkovic Convert Docx2post allows Upload a Web Shell to a Web Server.This issue affects Convert Docx2post: from n/a through 1.4. | ||||
| CVE-2024-9849 | 1 Creativeinteractivemedia | 1 Real3d Flipbook | 2024-11-19 | 8.8 High |
| The 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'r3dfb_save_thumbnail_callback' function in all versions up to, and including, 4.6. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||