Search Results (4283 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-11466 1 Dotcms 1 Dotcms 2025-04-20 N/A
Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_upload. This results in arbitrary code execution by requesting the .jsp file at a /assets URI.
CVE-2017-12332 1 Cisco 2 Nx-os, Unified Computing System 2025-04-20 N/A
A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installing a crafted patch image on an affected device. The vulnerable operation occurs prior to patch activation. An exploit could allow the attacker to write arbitrary files on an affected system as root. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf16513, CSCvf23794, CSCvf23832.
CVE-2017-12929 1 Tecnovision 1 Dlx Spot Player4 2025-04-20 N/A
Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution.
CVE-2017-13982 1 Hp 1 Bsm Platform Application Performance Management System Health 2025-04-20 N/A
A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files.
CVE-2017-14050 1 Blackcat-cms 1 Blackcat Cms 2025-04-20 N/A
In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file.
CVE-2017-14079 1 Trendmicro 1 Mobile Security 2025-04-20 N/A
Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
CVE-2017-14123 1 Zohocorp 1 Manageengine Firewall Analyzer 2025-04-20 8.8 High
Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demonstrated by /itplus/FileStorage/302/shell.jsp.
CVE-2017-14704 1 Claydip 1 Airbnb Clone 2025-04-20 N/A
Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile.
CVE-2017-14838 1 Teamworktec 1 Job Links 2025-04-20 N/A
TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange.
CVE-2017-14839 1 Teamworktec 1 Photo Fusion 2025-04-20 N/A
TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover.
CVE-2017-14840 1 Teamworktec 1 Ticketplus 2025-04-20 N/A
TeamWork TicketPlus allows Arbitrary File Upload in updateProfile.
CVE-2017-14841 1 Dasinfomedia 1 Annual Maintenance Contract Management System 2025-04-20 N/A
Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling.
CVE-2017-15957 1 Ingenious School Management System Project 1 Ingenious School Management System 2025-04-20 N/A
my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file.
CVE-2017-15962 1 Istock Management System Project 1 Istock Management System 2025-04-20 N/A
iStock Management System 1.0 allows Arbitrary File Upload via user/profile.
CVE-2017-15990 1 Savsofteproducts 1 Phpinventory 2025-04-20 9.8 Critical
Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/.
CVE-2017-17593 1 Simple Chatting System Project 1 Simple Chatting System 2025-04-20 N/A
Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/.
CVE-2017-17727 1 Dedecms 1 Dedecms 2025-04-20 N/A
DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php.
CVE-2017-6027 1 Codesys 1 Web Server 2025-04-20 N/A
An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution.
CVE-2017-6041 1 Marel 44 A320, A320 Firmware, A325 and 41 more 2025-04-20 N/A
An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. This vulnerability allows an attacker to modify the operation and upload firmware changes without detection.
CVE-2017-6090 1 Phpcollab 1 Phpcollab 2025-04-20 N/A
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/.