280 matches found

OSV
•added 2021/06/23 1:15 p.m.•11 views

CVE-2021-28977

Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files,...

CVSS 4.8 • AI score 6.3
Exploits 0 • References 1
Cvelist
•added 2021/06/23 12:44 p.m.•9 views

CVE-2021-28977

Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files,...

AI score 6.1 • EPSS 0.00235
Exploits 0 • References 1
CVE
•added 2021/06/23 12:36 p.m.•51 views

CVE-2021-28976

CVE-2021-28976 affects GetSimpleCMS versions prior to 3.3.16, with a remote code execution vulnerability in admin/upload.php exploitable through PHAR file uploads. The connected sources confirm a phar-based attack chain leading to RCE (e.g., PoCs and exploits in Exploit-DB/PacketStorm) and indica...

CVSS 7.2 • AI score 7.4 • EPSS 0.06968
Exploits 3 • References 1 • Affected Software 1
Cvelist
•added 2021/06/23 12:36 p.m.•9 views

CVE-2021-28976

Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar files...

AI score 8 • EPSS 0.06968
Exploits 3 • References 1
CNVD
•added 2021/04/15 12:0 a.m.•6 views

Group Office CRM Server-Side Request Forgery Vulnerability

Group Office CRM is an enterprise CRM and component tool with email client, shared projects, calendar, documents and more. A server-side request forgery vulnerability exists in Group Office CRM version 6.4.196, which can be exploited by a remote attacker to forge a GET request to any URL via the...

CVSS 5.3 • AI score 6.9 • EPSS 0.00375
Exploits 1 • References 1
Prion
•added 2021/04/14 5:15 p.m.•12 views

Server side request forgery (ssrf)

A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php...

CVSS 5 • AI score 5.4 • EPSS 0.00375
Exploits 1 • References 2 • Affected Software 1
NVD
•added 2020/06/24 11:15 a.m.•8 views

CVE-2020-15006

Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php...

CVSS 5.4 • EPSS 0.00191
Exploits 1 • References 1
OSV
•added 2020/06/24 11:15 a.m.•15 views

CVE-2020-15006

Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php...

CVSS 5.4 • AI score 5.6
Exploits 0 • References 1
0day.today
•added 2020/03/17 12:0 a.m.•255 views

PHPKB Multi-Language 9 image-upload.php Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: PHPKB Multi-Language 9 - 'image-upload.php' Authenticated Remote Code Execution Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/ Software Link: https://www.knowledgebase-script.com/pricing.p...

EPSS 0.20944
Exploits 5
exploitpack
•added 2020/03/16 12:0 a.m.•99 views

PHPKB Multi-Language 9 - image-upload.php Authenticated Remote Code Execution

PHPKB Multi-Language 9 - image-upload.php Authenticated Remote Code Execution Exploit Title: PHPKB Multi-Language 9 - 'image-upload.php' Authenticated Remote Code Execution Google Dork: N/A Date: 2020-03-15 Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/...

CVSS 6.5 • AI score 0.3 • EPSS 0.20944
Exploits 5
OSV
•added 2020/03/07 12:15 a.m.•13 views

CVE-2020-10212

upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because file-extension blocking is mishandled and because it is possible for a DNS hostname to resolve to an internal IP address. For example, an SSRF attempt may succeed if a .ico filename is added to the...

CVSS 9.8 • AI score 6.7
Exploits 0 • References 1
NVD
•added 2020/03/07 12:15 a.m.•11 views

CVE-2020-10212

upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because file-extension blocking is mishandled and because it is possible for a DNS hostname to resolve to an internal IP address. For example, an SSRF attempt may succeed if a .ico filename is added to the...

CVSS 9.8 • AI score 9.5 • EPSS 0.00982
Exploits 5 • References 1
Cvelist
•added 2020/03/06 11:30 p.m.•14 views

CVE-2020-10212

upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because file-extension blocking is mishandled and because it is possible for a DNS hostname to resolve to an internal IP address. For example, an SSRF attempt may succeed if a .ico filename is added to the...

AI score 9.5 • EPSS 0.00982
Exploits 5 • References 1
CVE
•added 2020/01/14 8:23 p.m.•41 views

CVE-2011-2933

CVE-2011-2933: Affected software is WebsiteBaker 2.8.1 and earlier. The vulnerability is an Arbitrary File Upload in admin/media/upload.php caused by failure to restrict uploaded files with extensions .htaccess, .php4, .php5, and .phtl. Connected sources confirm this. The provided documents do n...

CVSS 7.2 • AI score 6.8 • EPSS 0.00428
Exploits 1 • References 1 • Affected Software 1
CVE
•added 2019/10/10 4:11 p.m.•91 views

CVE-2015-9471

CVE-2015-9471 affects the WordPress plugin dzs-zoomsounds (2.0), where an admin/upload.php arbitrary file upload vulnerability exists. The issue is tied to the dzs-zoomsounds WordPress plugin and results in potential unauthorized file uploads via its admin interface. The initial description state...

CVSS 9.8 • AI score 9.5 • EPSS 0.05005
Exploits 0 • References 3 • Affected Software 1
OSV
•added 2019/09/18 12:15 p.m.•1 views

CVE-2016-10995

The Tevolution plugin before 2.3.0 for WordPress has arbitrary file upload via singleupload.php or single-upload.php...

CVSS 9.8 • AI score 5.9
Exploits 0 • References 1
Prion
•added 2019/09/18 12:15 p.m.•11 views

Default credentials

The Tevolution plugin before 2.3.0 for WordPress has arbitrary file upload via singleupload.php or single-upload.php...

CVSS 7.5 • AI score 7.4 • EPSS 0.00841
Exploits 0 • References 1 • Affected Software 1
Prion
•added 2019/08/06 11:15 p.m.•14 views

Design/Logic Flaw

A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker without authorization can upload a file to upload.php with a filename longer than 256 bytes. This will be placed in the updownload area. It will not be deleted, because...

CVSS 5 • AI score 7.8 • EPSS 0.00602
Exploits 0 • References 3 • Affected Software 3
CVE
•added 2019/07/28 12:23 a.m.•79 views

CVE-2019-14315

The CVE-2019-14315 entry documents a cross-site scripting (XSS) vulnerability in SunHater KCFinder where upload.php is affected in versions 3.20-test1, 3.20-test2, 3.12 and earlier. The root cause involves improper handling of input that allows an attacker to inject arbitrary web script or HTML v...

CVSS 6.1 • AI score 5.9 • EPSS 0.00189
Exploits 1 • References 1 • Affected Software 1
OSV
•added 2019/03/21 4:0 p.m.•2 views

CVE-2018-20526

Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php...

CVSS 9.8 • AI score 5.8 • EPSS 0.86037
Exploits 4 • References 2