Search Results (2250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-3129 1 Online Driving School Project Project 1 Online Driving School Project 2025-04-15 6.3 Medium
A vulnerability was found in codeprojects Online Driving School. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registration.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-207872.
CVE-2022-3771 1 Easyiicms 1 Easyiicms 2025-04-15 6.3 Medium
A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The identifier VDB-212501 was assigned to this vulnerability.
CVE-2022-3944 1 Erp Project 1 Erp 2025-04-15 6.3 Medium
A vulnerability was found in jerryhanjj ERP. It has been declared as critical. Affected by this vulnerability is the function uploadImages of the file application/controllers/basedata/inventory.php of the component Commodity Management. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213451.
CVE-2022-4272 1 Warehouse Management System Project 1 Warehouse Management System 2025-04-15 6.3 Medium
A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214760.
CVE-2022-4276 1 House Rental System Project 1 House Rental System 2025-04-15 6.3 Medium
A vulnerability was found in House Rental System and classified as critical. Affected by this issue is some unknown functionality of the file tenant-engine.php of the component POST Request Handler. The manipulation of the argument id_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214772.
CVE-2022-45896 1 Planetestream 1 Planet Estream 2025-04-14 9.8 Critical
Planet eStream before 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video / Related Media or Upload Document. Upload2.ashx can be used, or Ajax.asmx/ProcessUpload2. This leads to remote code execution.
CVE-2022-4506 1 Open-emr 1 Openemr 2025-04-14 8.8 High
Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2.
CVE-2022-2647 1 Jeecg 1 Jeecg Boot 2025-04-14 7.3 High
A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205594 is the identifier assigned to this vulnerability.
CVE-2022-45427 1 Dahuasecurity 8 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 5 more 2025-04-14 7.2 High
Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can upload arbitrary files.
CVE-2016-7095 1 Exponentcms 1 Exponent Cms 2025-04-12 N/A
Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution.
CVE-2015-5157 2 Linux, Redhat 9 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 6 more 2025-04-12 N/A
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.
CVE-2016-7452 1 Exponentcms 1 Exponent Cms 2025-04-12 N/A
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal.
CVE-2016-2914 1 Ibm 1 Engineering Lifecycle Optimization - Publishing 2025-04-12 N/A
Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specifying an unexpected file extension.
CVE-2015-1000000 1 Mailcwp Project 1 Mailcwp 2025-04-12 N/A
Remote file upload vulnerability in mailcwp v1.99 wordpress plugin
CVE-2016-9187 1 Moodle 1 Moodle 2025-04-12 N/A
Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.
CVE-2016-9186 1 Moodle 1 Moodle 2025-04-12 N/A
Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.
CVE-2016-5050 1 Readydesk 1 Readydesk 2025-04-12 N/A
Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary code by uploading and requesting a .aspx file.
CVE-2015-3290 1 Linux 1 Linux Kernel 2025-04-12 N/A
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.
CVE-2015-1000013 1 Csv2wpec-coupon Project 1 Csv2wpec-coupon 2025-04-12 N/A
Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1
CVE-2015-1000001 1 Fast-image-adder Project 1 Fast-image-adder 2025-04-12 N/A
Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin