CVEs from 2017
Total
11,681
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-15907 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php. | |||
| CVE-2017-15909 | critical | 9.8 | 9.8 | 9y ago | D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access. | |||
| CVE-2017-15879 | high | 8.8 | 9.8 | 9y ago | Keystone is vulnerable to CSV injection | |||
| CVE-2017-14695 | critical | 9.8 | 9.8 | 9y ago | Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials … | |||
| CVE-2017-13772 | high | 8.8 | 9.8 | 9y ago | Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRp… | |||
| CVE-2017-15808 | high | 8.8 | 9.8 | 9y ago | In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php. | |||
| CVE-2017-15381 | critical | 9.8 | 9.8 | 9y ago | SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script). | |||
| CVE-2017-15379 | critical | 9.8 | 9.8 | 9y ago | An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password. | |||
| CVE-2017-12796 | critical | 9.8 | 9.8 | 9y ago | The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema o… | |||
| CVE-2017-7130 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-pa… | |||
| CVE-2017-7129 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-pa… | |||
| CVE-2017-7128 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-pa… | |||
| CVE-2017-7126 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of … | |||
| CVE-2017-7125 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of … | |||
| CVE-2017-7124 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of … | |||
| CVE-2017-7123 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of … | |||
| CVE-2017-7122 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of … | |||
| CVE-2017-7121 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of … | |||
| CVE-2017-7117 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… | |||
| CVE-2017-7112 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote… | |||
| CVE-2017-7110 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote… | |||
| CVE-2017-7108 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote… | |||
| CVE-2017-7105 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote… | |||
| CVE-2017-7103 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote… | |||
| CVE-2017-15804 | critical | 9.8 | 9.8 | 9y ago | The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. | |||
| CVE-2017-15735 | high | 8.8 | 9.8 | 9y ago | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary. | |||
| CVE-2017-15734 | high | 8.8 | 9.8 | 9y ago | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php. | |||
| CVE-2017-15730 | high | 8.8 | 9.8 | 9y ago | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php. | |||
| CVE-2017-15670 | critical | 9.8 | 9.8 | 9y ago | The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories u… | |||
| CVE-2017-6165 | critical | 9.8 | 9.8 | 9y ago | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms o… | |||
| CVE-2017-15645 | high | 8.8 | 9.8 | 9y ago | CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker to execute arbitrary commands. | |||
| CVE-2017-5636 | critical | 9.8 | 9.8 | 9y ago | Injection in Apache NiFi | |||
| CVE-2017-15595 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via… | |||
| CVE-2017-15578 | high | 8.8 | 9.8 | 9y ago | In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php. | |||
| CVE-2017-13999 | critical | 9.8 | 9.8 | 9y ago | A Stack-based Buffer Overflow issue was discovered in WECON LEVI Studio HMI Editor v1.8.1 and prior. Multiple stack-based buffer overflow vulnerabilities have been identified in which the application… | |||
| CVE-2017-15539 | critical | 9.8 | 9.8 | 9y ago | SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php. | |||
| CVE-2017-3761 | critical | 9.8 | 9.8 | 9y ago | The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, co… | |||
| CVE-2017-3758 | critical | 9.8 | 9.8 | 9y ago | Improper access controls on several Android components in the Lenovo Service Framework application can be exploited to enable remote code execution. | |||
| CVE-2017-9367 | critical | 9.8 | 9.8 | 9y ago | A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on … | |||
| CVE-2017-15295 | critical | 9.8 | 9.8 | 9y ago | Xpress Server in SAP POS does not require authentication for read/write/delete file access. This is SAP Security Note 2520064. | |||
| CVE-2017-15293 | critical | 9.8 | 9.8 | 9y ago | Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 25… | |||
| CVE-2017-14952 | critical | 9.8 | 9.8 | 9y ago | Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector … | |||
| CVE-2017-15376 | critical | 9.8 | 9.8 | 9y ago | The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23. | |||
| CVE-2017-15373 | critical | 9.8 | 9.8 | 9y ago | E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area). | |||
| CVE-2017-15304 | critical | 9.8 | 9.8 | 9y ago | /bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an attacker to set his own session id via a "Cookie: PHPSESSID=" header. This can be used to achieve persist… | |||
| CVE-2017-10622 | critical | 9.8 | 9.8 | 9y ago | An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network based attacker to login as any privileged user. This issu… | |||
| CVE-2017-10615 | critical | 9.8 | 9.8 | 9y ago | A vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS may allow an unauthenticated network based attacker to potentially execute arbitrary code or crash daemons su… | |||
| CVE-2017-15276 | high | 8.8 | 9.8 | 9y ago | OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Ser… | |||
| CVE-2017-15013 | high | 8.8 | 9.8 | 9y ago | OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Ser… | |||
| CVE-2017-15012 | high | 8.8 | 9.8 | 9y ago | OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack… | |||
| CVE-2017-11771 | critical | 9.8 | 9.8 | 9y ago | The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1… | |||
| CVE-2017-5791 | critical | 9.8 | 9.8 | 9y ago | The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI. | |||
| CVE-2017-5789 | critical | 9.8 | 9.8 | 9y ago | HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdru… | |||
| CVE-2017-14003 | critical | 9.8 | 9.8 | 9y ago | An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link (ESL) running firmware versions 6.01.00/29.03.2007 and prior versions. An improper authentication vulnerability has… | |||
| CVE-2017-15226 | critical | 9.8 | 9.8 | 9y ago | Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call. | |||
| CVE-2017-8994 | critical | 9.8 | 9.8 | 9y ago | A input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely. | |||
| CVE-2017-12861 | critical | 9.8 | 9.8 | 9y ago | The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only t… | |||
| CVE-2017-12860 | critical | 9.8 | 9.8 | 9y ago | The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only t… | |||
| CVE-2017-0903 | critical | 9.8 | 9.8 | 9y ago | RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted… | |||
| CVE-2017-13069 | critical | 9.8 | 9.8 | 9y ago | QNAP discovered a number of command injection vulnerabilities found in Music Station versions 4.8.6 (for QTS 4.2.x), 5.0.7 (for QTS 4.3.x), and earlier. If exploited, these vulnerabilities may allow … | |||
| CVE-2017-15047 | critical | 9.8 | 9.8 | 9y ago | The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by… | |||
| CVE-2017-15041 | critical | 9.8 | 9.8 | 9y ago | Remote command execution via "go get" in cmd/go | |||
| CVE-2017-15032 | critical | 9.8 | 9.8 | 9y ago | ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. | |||
| CVE-2017-1000117 | high | 8.8 | 9.8 | 9y ago | A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Suc… | |||
| CVE-2017-12821 | critical | 9.8 | 9.8 | 9y ago | Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might cause remote code execution. | |||
| CVE-2017-12819 | critical | 9.8 | 9.8 | 9y ago | Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55. | |||
| CVE-2017-12166 | critical | 9.8 | 9.8 | 9y ago | OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. | |||
| CVE-2017-0829 | critical | 9.8 | 9.8 | 9y ago | An elevation of privilege vulnerability in the Motorola bootloader. Product: Android. Versions: Android kernel. Android ID: A-62345044. | |||
| CVE-2017-0828 | critical | 9.8 | 9.8 | 9y ago | An elevation of privilege vulnerability in the Huawei bootloader. Product: Android. Versions: Android kernel. Android ID: A-34622855. | |||
| CVE-2017-0824 | critical | 9.8 | 9.8 | 9y ago | An elevation of privilege vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37622847. References: B-V2017063001. | |||
| CVE-2017-0822 | critical | 9.8 | 9.8 | 9y ago | An elevation of privilege vulnerability in the Android system (camera). Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63787722. | |||
| CVE-2017-0807 | critical | 9.8 | 9.8 | 9y ago | An elevation of privilege vulnerability in the Android framework (ui framework). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35056974. | |||
| CVE-2017-8021 | critical | 9.8 | 9.8 | 9y ago | EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system. | |||
| CVE-2017-6090 | high | 8.8 | 9.8 | 9y ago | Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable exte… | |||
| CVE-2017-14848 | high | 8.8 | 9.8 | 9y ago | WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter. | |||
| CVE-2017-14759 | critical | 9.8 | 9.8 | 9y ago | OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramewo… | |||
| CVE-2017-14758 | high | 8.8 | 9.8 | 9y ago | OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.… | |||
| CVE-2017-14757 | high | 8.8 | 9.8 | 9y ago | OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/down… | |||
| CVE-2017-13997 | critical | 9.8 | 9.8 | 9y ago | A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio pro… | |||
| CVE-2017-12639 | critical | 9.8 | 9.8 | 9y ago | Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETRE or ETCTERARED. | |||
| CVE-2017-12638 | critical | 9.8 | 9.8 | 9y ago | Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETBL or ETCETERABLUE. | |||
| CVE-2017-12620 | critical | 9.8 | 9.8 | 9y ago | Improper Restriction of XML External Entity Reference in Apache OpenNLP | |||
| CVE-2017-11497 | critical | 9.8 | 9.8 | 9y ago | Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via language pa… | |||
| CVE-2017-11496 | critical | 9.8 | 9.8 | 9y ago | Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via malformed A… | |||
| CVE-2017-14942 | critical | 9.8 | 9.8 | 9y ago | Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin… | |||
| CVE-2017-14351 | critical | 9.8 | 9.8 | 9y ago | A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow … | |||
| CVE-2017-14350 | critical | 9.8 | 9.8 | 9y ago | A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code … | |||
| CVE-2017-14349 | critical | 9.8 | 9.8 | 9y ago | An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data. | |||
| CVE-2017-13983 | critical | 9.8 | 9.8 | 9y ago | An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication. | |||
| CVE-2017-7552 | critical | 9.8 | 9.8 | 9y ago | A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to … | |||
| CVE-2017-12236 | critical | 9.8 | 9.8 | 9y ago | A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass … | |||
| CVE-2017-12229 | critical | 9.8 | 9.8 | 9y ago | A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 through 16.5 could allow an unauthenticated, remote attacker to bypass authentication to the REST API of t… | |||
| CVE-2017-14847 | high | 8.8 | 9.8 | 9y ago | Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter. | |||
| CVE-2017-14846 | high | 8.8 | 9.8 | 9y ago | Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter. | |||
| CVE-2017-14845 | high | 8.8 | 9.8 | 9y ago | Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter. | |||
| CVE-2017-14844 | high | 8.8 | 9.8 | 9y ago | Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter. | |||
| CVE-2017-14843 | high | 8.8 | 9.8 | 9y ago | Mojoomla School Management System for WordPress allows SQL Injection via the id parameter. | |||
| CVE-2017-14842 | high | 8.8 | 9.8 | 9y ago | Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter. | |||
| CVE-2017-14840 | high | 8.8 | 9.8 | 9y ago | TeamWork TicketPlus allows Arbitrary File Upload in updateProfile. | |||
| CVE-2017-14839 | high | 8.8 | 9.8 | 9y ago | TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover. |