Total
3984 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47169 | 1 Agnai | 1 Agnai | 2024-10-30 | 8.8 High |
| Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling the execution of commands within those files. This issue could result in unauthorized access, full server compromise, data leakage, and other critical security threats. This does not affect `agnai.chat`, installations using S3-compatible storage, or self-hosting that is not publicly exposed. This does affect publicly hosted installs without S3-compatible storage. Version 1.0.330 fixes this vulnerability. | ||||
| CVE-2024-10292 | 1 Zzcms | 1 Zzcms | 2024-10-30 | 6.3 Medium |
| A vulnerability was found in ZZCMS 2023 and classified as critical. This issue affects some unknown processing of the file 3/Ebak5.1/upload/ChangeTable.php. The manipulation of the argument savefilename leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10293 | 1 Zzcms | 1 Zzcms | 2024-10-30 | 6.3 Medium |
| A vulnerability was found in ZZCMS 2023. It has been classified as critical. Affected is the function Ebak_SetGotoPak of the file 3/Ebbak5.1/upload/class/functions.php. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10410 | 2 Janobe, Sourcecodester | 2 Online Hotel Reservation System, Online Hotel Reservation System | 2024-10-29 | 6.3 Medium |
| A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. Affected by this vulnerability is the function upload of the file /admin/mod_room/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10413 | 1 Janobe | 1 Online Hotel Reservation System | 2024-10-29 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in SourceCodester Online Hotel Reservation System 1.0. Affected by this issue is the function upload of the file /guest/update.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10420 | 1 Nurhodelta17 | 1 Attendance And Payroll System | 2024-10-29 | 6.3 Medium |
| A vulnerability classified as critical has been found in SourceCodester Attendance and Payroll System 1.0. This affects the function upload of the file /marimar/guest/update.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10201 | 1 Wellchoose | 1 Administrative Management System | 2024-10-24 | 8.8 High |
| Administrative Management System from Wellchoose does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells. | ||||
| CVE-2024-10161 | 1 Phpgurukul | 1 Boat Booking System | 2024-10-21 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file change-image.php of the component Update Boat Image Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-45136 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2024-10-18 | 7.8 High |
| InCopy versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file which can then be executed on the server. Exploitation of this issue requires user interaction. | ||||
| CVE-2024-45137 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-10-18 | 7.8 High |
| InDesign Desktop versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by uploading a malicious file which, when executed, could run arbitrary code in the context of the server. Exploitation of this issue requires user interaction. | ||||
| CVE-2024-47423 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2024-10-18 | 7.8 High |
| Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by uploading a malicious file which can be automatically processed or executed by the system. Exploitation of this issue requires user interaction. | ||||
| CVE-2024-9981 | 1 Formosasoft | 2 Ee-class, Ee Class | 2024-10-17 | 8.8 High |
| The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code execution on the server. | ||||
| CVE-2024-9816 | 1 Codezips | 1 Tourist Management System | 2024-10-17 | 4.7 Medium |
| A vulnerability was found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9815 | 1 Codezips | 1 Tourist Management System | 2024-10-17 | 4.7 Medium |
| A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/create-package.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9985 | 1 Ragic | 1 Enterprise Cloud Database | 2024-10-16 | 10 Critical |
| Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server. | ||||
| CVE-2024-47655 | 1 Shilpisoft | 1 Client Dashboard | 2024-10-16 | 8.8 High |
| This vulnerability exists in the Shilpi Client Dashboard due to improper validation of files being uploaded other than the specified extension. An authenticated remote attacker could exploit this vulnerability by uploading malicious file, which could lead to remote code execution on targeted application. | ||||
| CVE-2024-9975 | 2 Rems, Sourcecodester | 2 Drag And Drop Image Upload, Drag And Drop Image Upload | 2024-10-16 | 6.3 Medium |
| A vulnerability was found in SourceCodester Drag and Drop Image Upload 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9794 | 2 Codezips, Online Shopping Portal Project | 2 Online Shopping Portal, Online Shopping Portal | 2024-10-15 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in Codezips Online Shopping Portal 1.0. This issue affects some unknown processing of the file /update-image1.php. The manipulation of the argument productimage1 leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-37868 | 2 Emiloimagtolis, Online Discussion Forum Project | 2 Online Discussion Forum, Online Discussion Forum | 2024-10-08 | 8.8 High |
| File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received using the "$- FILES" variable. | ||||
| CVE-2024-37869 | 2 Emiloimagtolis, Online Discussion Forum Project | 2 Online Discussion Forum, Online Discussion Forum | 2024-10-08 | 8.8 High |
| File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using the "$- FILES" variable | ||||