Medium
CVE-2013-5963
Unrestricted file upload vulnerability in multi.php in Simple Dropbox Upload plugin before 1.8.8.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executab…
Tag: Unrestricted File Upload
All CVEs associated with "Unrestricted File Upload". Page 12/14 • 1592 CVEs.
Subscribe CVEs: RSS for “Unrestricted File Upload” · RSS (High+Critical only)
About “Unrestricted File Upload”
A curated feed of “Unrestricted File Upload”-related CVEs appears below. We currently track 1592 CVEs for this tag (all time). In the last 365 days, 310 were published. Average CVSS is 8.3 (all time; 8.5 over 365d), and 80% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-434 - Unrestricted Upload of File with Dangerous Type, CWE-306 - Missing Authentication for Critical Function, CWE-94 - Improper Control of Generation of Code ('Code Injection').
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2013-09-30
Medium
CVE-2013-5962
Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uplo…
Medium
CVE-2013-5961
Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a…
2013-09-16
High
CVE-2013-4049
Unrestricted file upload vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to execute arbitrary code by…
2013-08-28
Medium
CVE-2013-3590
Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg…
2013-07-29
Medium
CVE-2013-4949
Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in t…
2013-03-19
Medium
CVE-2013-0206
Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to e…
2013-01-24
High
CVE-2012-6509
Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0 allows remote attackers to execute arbitrary PHP code by uploading a file a double extension, as demonstrated by .php%00.jpg.
2013-01-08
Medium
CVE-2012-6498
Unrestricted file upload vulnerability in index.php in Atomymaxsite 2.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing…
2013-01-03
Medium
CVE-2012-6081
Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated us…
2012-11-30
Medium
CVE-2012-4472
Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an…
2012-11-18
Critical
CVE-2012-4944
Multiple unrestricted file upload vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary code by uploading a file via an unspecified…
2012-11-17
Medium
CVE-2012-5893
Unrestricted file upload vulnerability in hava_upload.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading a file with a .php;.gif extension, then acce…
2012-10-08
Medium
CVE-2012-5318
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with…
Medium
CVE-2012-1125
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a fi…
2012-10-06
Medium
CVE-2012-1153
Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable exte…
2012-09-09
Medium
CVE-2011-5161
Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension foll…
2012-08-30
Medium
CVE-2011-5134
Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the JCE component before 2.0.18 for Joomla! allows remote authenticated users with the author privileges to execute arb…
2012-08-27
Medium
CVE-2012-4036
Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via…
2012-08-13
Medium
CVE-2012-4269
Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message.
2012-07-03
Critical
CVE-2012-3811
Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.1…
2012-06-27
High
CVE-2012-3814
Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf…
2012-06-17
Medium
CVE-2012-3578
Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with a f…
High
CVE-2012-3577
Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an…
2012-06-16
Critical
CVE-2012-3576
Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin before 2.5.30 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable…
Critical
CVE-2012-3575
Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension,…
High
CVE-2012-3574
Unrestricted file upload vulnerability in includes/doajaxfileupload.php in the MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress allows remote attackers to execute arbitrary code by uploading a…
2012-05-27
Medium
CVE-2012-2939
Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airli…
2012-05-21
Medium
CVE-2012-2902
Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows rem…
2012-05-03
Medium
CVE-2012-0729
Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and…
2012-03-19
High
CVE-2011-5083
Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dotclear 2.3.1 and 2.4.2 allows remote attackers to execute arbitrary code by uploading a file with an executable PHP extension, the…
2012-02-18
High
CVE-2012-1195
Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to…
2012-02-08
High
CVE-2011-5077
Unrestricted file upload vulnerability in attachement.php in HDWiki 5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a dir…
2012-02-07
High
CVE-2012-1010
Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a P…
2012-01-29
Medium
CVE-2011-5069
Unrestricted file upload vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary code by uploading a file with an…
Medium
CVE-2011-3833
Unrestricted file upload vulnerability in ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary PHP code by uploading a PHP file, then…
2012-01-04
High
CVE-2011-5051
Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable exte…
2011-12-25
High
CVE-2011-5005
Unrestricted file upload vulnerability in QuiXplorer 2.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension using the upload action to inde…
Medium
CVE-2011-5004
Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbit…
2011-12-15
High
CVE-2011-4828
Unrestricted file upload vulnerability in includes/inline_image_upload.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extensio…
2011-01-28
Medium
CVE-2011-0678
Unrestricted file upload vulnerability in the EasyEdit module in Lomtec ActiveWeb Professional 3.0 allows remote attackers to execute arbitrary code by uploading an executable file via the UploadDire…
2011-01-25
Medium
CVE-2010-4353
Unrestricted file upload vulnerability in modules/gallery/models/item.php in Menalto Gallery before 3.0 and beta allows remote authenticated users with upload permissions to execute arbitrary code by…
2010-12-16
High
CVE-2010-3964
Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, all…
2010-12-02
Medium
CVE-2010-4313
Unrestricted file upload vulnerability in fileman_file_upload.php in Orbis CMS 1.0.2 allows remote authenticated users to execute arbitrary code by uploading a .php file, and then accessing it via a…
2010-06-15
Medium
CVE-2010-1514
Unrestricted file upload vulnerability in TomatoCMS 2.0.6 and earlier allows remote authenticated users, with certain privileges, to execute arbitrary PHP code by uploading an image file, and then ac…
2010-06-03
Medium
CVE-2010-2153
Unrestricted file upload vulnerability in admin/code/tce_functions_tcecode_editor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an exe…
2010-04-27
Medium
CVE-2009-4819
Multiple unrestricted file upload vulnerabilities in upload.php in PHPhotoalbum allow remote attackers to execute arbitrary code by uploading a file with a (1) .php.pgif or (2) .php.pjpeg double exte…
Medium
CVE-2009-4818
Unrestricted file upload vulnerability in upload.php in PHPSimplicity Simplicity oF Upload 1.3.2 allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, as…
Medium
CVE-2009-4817
Unrestricted file upload vulnerability in Element-IT Ultimate Uploader 1.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a…
2010-04-22
Medium
CVE-2009-4793
Unrestricted file upload vulnerability in adminpanel/scripts/addphotos.php in BandSite CMS 1.1.4 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an e…
2010-04-20
Medium
CVE-2010-0996
Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. NOTE: the vendor disputes the signific…
2010-04-09
Medium
CVE-2010-1334
Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extensi…
Medium
CVE-2010-0993
Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.2 and 1.2.3, and possibly Pulse Pro before 1.3.2, allows remote authenticated users to execute arbitrary code by uploading a file with an…
2010-02-27
Medium
CVE-2010-0757
Unrestricted file upload vulnerability in index.php/Attach in WikyBlog 1.7.3rc2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using the…
2010-01-26
Medium
CVE-2010-0390
Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, a…
2010-01-21
Medium
CVE-2010-0366
Multiple unrestricted file upload vulnerabilities in (1) register.php and (2) addvideo.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allow remote attackers to execute arbitrary code by…
2010-01-13
Medium
CVE-2010-0279
Unrestricted file upload vulnerability in upload.php in BTS-GI Read excel 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via…
2009-12-29
Medium
CVE-2009-4451
Unrestricted file upload vulnerability in upper.php in kandalf upper 0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a di…
2009-12-24
Medium
CVE-2009-4412
Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extens…
2009-12-22
High
CVE-2009-4140
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2…
2009-12-21
High
CVE-2009-4373
Unrestricted file upload vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, all…
2009-12-03
Critical
CVE-2009-4189
HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestr…
Critical
CVE-2009-4188
HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct un…
2009-11-29
High
CVE-2009-4106
Unrestricted file upload vulnerability in admintools/editpage-2.php in Agoko CMS 0.4 and earlier allows remote attackers to inject and execute arbitrary PHP code via the filename and text parameters.
Medium
CVE-2009-4098
Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows remote authenticated users with banner / file upload permissions to execute arbitrary code by uplo…
High
CVE-2009-4090
Unrestricted file upload vulnerability in ajax/addComment.php in telepark.wiki 2.4.23 and earlier script allows remote attackers to execute arbitrary code by uploading a file with a name containing a…
2009-11-24
Critical
CVE-2009-3843
HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby e…
2009-11-17
Medium
CVE-2009-3890
Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP…
2009-10-22
High
CVE-2009-3753
Unrestricted file upload vulnerability in Opial 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension as a User Image, then accessing it via a request…
2009-10-16
Medium
CVE-2009-3716
Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it v…
2009-09-29
Medium
CVE-2009-3447
Unrestricted file upload vulnerability in RADactive I-Load before 2008.2.5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, and then sending a req…
2009-09-11
Medium
CVE-2009-3182
Unrestricted file upload vulnerability in admin/editor/filemanager/browser.html in Anantasoft Gazelle CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable…
Medium
CVE-2009-3173
Unrestricted file upload vulnerability in admin/add_album.php in The Rat CMS Alpha 2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing…
High
CVE-2008-7209
Unrestricted file upload vulnerability in the add2 action in a_upload.php in OneCMS 2.4, and possibly earlier, allows remote attackers to execute arbitrary code by uploading a file with an executable…
2009-09-08
High
CVE-2008-7167
Unrestricted file upload vulnerability in upload.php in Page Manager 2006-02-04 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it v…
2009-09-04
Critical
CVE-2009-3068
Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp)…
2009-09-02
Medium
CVE-2008-7157
Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe ext…
2009-08-26
Medium
CVE-2008-7088
Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed…
2009-08-25
Medium
CVE-2008-7076
Unrestricted file upload vulnerability in user.modify.profile.php in Kalptaru Infotech Ltd. Star Articles 6.0 allows remote authenticated users to execute arbitrary code by uploading a file with an e…
Medium
CVE-2008-7062
Unrestricted file upload vulnerability in admin/index.php in Download Manager module 1.0 for LoveCMS 1.6.2 Final allows remote attackers to execute arbitrary code by uploading a file with an executab…
2009-08-24
Medium
CVE-2008-7052
Unrestricted file upload vulnerability in profile.php in Pre Projects Pre Real Estate Listings allows remote authenticated users to execute arbitrary code by uploading a file with an executable exten…
Medium
CVE-2008-7029
Unrestricted file upload vulnerability in usercp.php in AlilG Application AliBoard Beta allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as…
2009-08-21
Medium
CVE-2008-7026
Unrestricted file upload vulnerability in filesystem3.class.php in eFront 3.5.1 build 2710 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extensi…
Medium
CVE-2008-7021
Unrestricted file upload vulnerability in editlogo.php in AvailScript Jobs Portal Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension a…
2009-08-19
High
CVE-2008-7005
include/modules/top/1-random_quote.php in Minb Is Not a Blog (minb) 0.1.0 allows remote attackers to execute arbitrary PHP code via the quotes_to_edit parameter. NOTE: this issue has been reported a…
High
CVE-2008-7001
Unrestricted file upload vulnerability in the file manager in Creative Mind Creator CMS 5.0 allows remote attackers to execute arbitrary code via unknown vectors.
High
CVE-2008-6987
Unrestricted file upload vulnerability in eZoneScripts Dating Website script allows remote attackers to execute arbitrary code via unknown vectors. NOTE: the provenance of this information is unknow…
Medium
CVE-2008-6978
Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a d…
2009-08-12
Medium
CVE-2008-6948
Unrestricted file upload vulnerability in Collabtive 0.4.8 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and using a text/plain MIME typ…
Medium
CVE-2008-6944
Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo,…
Medium
CVE-2008-6943
Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing Portal allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a recipe p…
Medium
CVE-2008-6942
Unrestricted file upload vulnerability in ScriptsFeed Realtor Classifieds System (aka Real Estate Classifieds) allows remote authenticated users to execute arbitrary code by uploading a file with an…
2009-08-11
High
CVE-2008-6932
Unrestricted file upload vulnerability in submit_file.php in AlstraSoft SendIt Pro allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing i…
Medium
CVE-2008-6931
Unrestricted file upload vulnerability in PHPStore Job Search (aka PHPCareers) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a resume…
Medium
CVE-2008-6930
Unrestricted file upload vulnerability in PHPStore Real Estate allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing i…
Medium
CVE-2008-6929
Unrestricted file upload vulnerability in PHPStore Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then access…
Medium
CVE-2008-6928
Unrestricted file upload vulnerability in PHPStore Complete Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then ac…
2009-08-10
High
CVE-2008-6921
Unrestricted file upload vulnerability in index.php in phpAdBoard 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direc…
High
CVE-2008-6920
Unrestricted file upload vulnerability in auth.php in phpEmployment 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension during a regnew action, then…
Medium
CVE-2008-6918
Unrestricted file upload vulnerability in admin/galeria.php in ThePortal2 2.2 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it…
2009-08-07
Medium
CVE-2008-6914
Unrestricted file upload vulnerability in viewprofile.php in Zeeways ZEEPROPERTY 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a…
Medium
CVE-2008-6913
Unrestricted file upload vulnerability in editresume_next.php in Zeeways ZEEJOBSITE 2.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as…
2009-08-06
Medium
CVE-2008-6902
Unrestricted file upload vulnerability in upload_flyer.php in 2532designs 2532|Gigs 1.2.2 Stable allows remote attackers to execute arbitrary code by uploading a file with an executable extension, th…
Medium
CVE-2008-6900
Unrestricted file upload vulnerability in "Add Pen/Author Name" feature in addpen.php in AvailScript Article Script allows remote authenticated users to execute arbitrary code by uploading a file wit…
2009-07-07
Medium
CVE-2008-6849
Unrestricted file upload vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via…
2009-07-01
Medium
CVE-2009-2270
Unrestricted file upload vulnerability in member/uploads_edit.php in dedecms 5.3 allows remote attackers to execute arbitrary code by uploading a file with a double extension in the filename, then ac…
2009-06-27
Medium
CVE-2009-2238
Unrestricted file upload vulnerability in includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager.asp in DMXReady Registration Manager 1.1 allows remote attackers to execute arbitrary code b…
2009-06-22
Medium
CVE-2009-2146
Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition (aka SugarCRM) before 5.2f allows remote authenticated users to execute arbitrary c…
2009-06-04
High
CVE-2008-6822
Unrestricted file upload vulnerability in uploadp.php in New Earth Programming Team (NEPT) imgupload (aka Image Uploader) 1.0 allows remote attackers to execute arbitrary code by uploading a file wit…
2009-05-28
Medium
CVE-2008-6814
Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a…
2009-05-22
Medium
CVE-2009-1750
Unrestricted file upload vulnerability in VidSharePro allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified v…
2009-05-18
Medium
CVE-2009-1663
Unrestricted file upload vulnerability in myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension,…
Medium
CVE-2009-1659
Unrestricted file upload vulnerability in admin/uploadimage.php in eLitius 1.0 allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files via an avatar file…
Medium
CVE-2008-6811
Unrestricted file upload vulnerability in image_processing.php in the e-Commerce Plugin 3.4 and earlier for Wordpress allows remote attackers to execute arbitrary code by uploading a file with an exe…
2009-05-12
Medium
CVE-2008-6806
Unrestricted file upload vulnerability in includes/imageupload.php in 7Shop 1.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then ac…
2009-05-11
Medium
CVE-2009-1615
Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via an admin.system.files (aka Manage Files…
Medium
CVE-2009-1609
Unrestricted file upload vulnerability in admin/uploadform.asp in Battle Blog 1.25 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing i…
2009-05-01
Medium
CVE-2008-6785
Unrestricted file upload vulnerability in Mini File Host 1.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request…
2009-04-29
Medium
CVE-2009-1483
Unrestricted file upload vulnerability in upload-file.php in Adam Patterson Studio Lounge Address Book 2.5, as reachable from index2.php, allows remote attackers to execute arbitrary code by uploadin…
Medium
CVE-2008-6769
Unrestricted file upload vulnerability in upload.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then…