Total
3017 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45076 | 2 Ibm, Softwareag | 2 Webmethods Integration, Webmethods | 2024-09-06 | 9.9 Critical |
| IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system. | ||||
| CVE-2024-43249 | 1 Bitapps | 2 Bit Form, Bit Form Pro | 2024-09-06 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form Pro allows Command Injection.This issue affects Bit Form Pro: from n/a through 2.6.4. | ||||
| CVE-2024-40645 | 1 Fogproject | 1 Fogproject | 2024-09-05 | 8.8 High |
| FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650 pixels wide and 120 pixels high. Apart from that, there are no checks on things like file extensions. This can be abused by appending a PHP webshell to the end of the image and changing the extension to anything the PHP web server will parse. This vulnerability is fixed in 1.5.10.41. | ||||
| CVE-2024-8330 | 2 6shr System Project, Gethertechnology | 2 6shr System, 6shr | 2024-09-05 | 8.8 High |
| 6SHR system from Gether Technology does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload web shell scripts and use them to execute arbitrary system commands on the server. | ||||
| CVE-2024-8342 | 2 Nelzkie15, Sourcecodester | 2 Petshop Management System, Petshop Management System | 2024-09-04 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in SourceCodester Petshop Management System 1.0. This issue affects some unknown processing of the file /controllers/add_client.php. The manipulation of the argument image_profile leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8341 | 2 Nelzkie15, Sourcecodester | 2 Pet Shop Management System, Petshop Management System | 2024-09-04 | 6.3 Medium |
| A vulnerability classified as critical was found in SourceCodester Petshop Management System 1.0. This vulnerability affects unknown code of the file /controllers/add_user.php. The manipulation of the argument avatar leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-39717 | 1 Versa-networks | 1 Versa Director | 2024-09-04 | 7.2 High |
| The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege). The “Change Favicon” (Favorite Icon) option can be mis-used to upload a malicious file ending with .png extension to masquerade as image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin has successfully authenticated and logged in. | ||||
| CVE-2024-7943 | 2 Adonesevangelista, Itsourcecode | 2 Laravel Property Management System, Laravel Property Management System | 2024-09-03 | 6.3 Medium |
| A vulnerability was found in itsourcecode Laravel Property Management System 1.0 and classified as critical. This issue affects the function upload of the file PropertiesController.php. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-6117 | 1 Hamastar | 1 Meetinghub Paperless Meetings | 2024-08-30 | 8.8 High |
| A Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary system commands via a crafted ASP file. | ||||
| CVE-2024-8294 | 1 Feehi | 1 Feehicms | 2024-08-30 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in FeehiCMS up to 2.1.1. This affects the function update of the file /admin/index.php?r=friendly-link%2Fupdate. The manipulation of the argument FriendlyLink[image] leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-8295 | 1 Feehi | 1 Feehicms | 2024-08-30 | 6.3 Medium |
| A vulnerability has been found in FeehiCMS up to 2.1.1 and classified as critical. This vulnerability affects the function createBanner of the file /admin/index.php?r=banner%2Fbanner-create. The manipulation of the argument BannerForm[img] leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-8296 | 1 Feehi | 1 Feehicms | 2024-08-30 | 6.3 Medium |
| A vulnerability was found in FeehiCMS up to 2.1.1 and classified as critical. This issue affects the function insert of the file /admin/index.php?r=user%2Fcreate. The manipulation of the argument User[avatar] leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-8170 | 2 Rems, Sourcecodester | 2 Zipped Folder Manager App, Zipped Folder Manager App | 2024-08-27 | 3.5 Low |
| A vulnerability classified as problematic has been found in SourceCodester Zipped Folder Manager App 1.0. This affects an unknown part of the file /endpoint/add-folder.php. The manipulation of the argument folder leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8089 | 2 E-commerce System Project, Janobe | 2 E-commerce System, E-commerce System | 2024-08-27 | 6.3 Medium |
| A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been classified as critical. Affected is an unknown function of the file /ecommerce/admin/products/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8166 | 1 Ruijie | 2 Eg2000k, Eg2000k Firmware | 2024-08-27 | 4.7 Medium |
| A vulnerability has been found in Ruijie EG2000K 11.1(6)B2 and classified as critical. This vulnerability affects unknown code of the file /tool/index.php?c=download&a=save. The manipulation of the argument content leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7987 | 1 Rockwellautomation | 1 Thinmanager Thinserver | 2024-08-26 | N/A |
| A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. To exploit this vulnerability and a threat actor must abuse the ThinServer™ service by creating a junction and use it to upload arbitrary files. | ||||
| CVE-2024-7329 | 1 Youdiancms | 1 Youdiancms | 2024-08-23 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in YouDianCMS 7. Affected is an unknown function of the file /Public/ckeditor/plugins/multiimage/dialogs/image_upload.php. The manipulation of the argument files leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273252. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-42780 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2024-08-23 | 8.8 High |
| An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_genre" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2024-42777 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2024-08-23 | 9.8 Critical |
| An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2024-42779 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2024-08-23 | 8.8 High |
| An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||