Total: 528 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7095 | 1 Exponentcms | 1 Exponent Cms | 2018-02-27 | 7.5 HIGH | 9.8 CRITICAL |
| Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution. | |||||
| CVE-2018-5749 | 2 Minecraft Servers List Lite Project, Premium Minecraft Servers List Project | 2 Minecraft Servers List Lite, Premium Minecraft Servers List | 2018-02-15 | 10.0 HIGH | 9.8 CRITICAL |
| install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary PHP code via the (1) database_server, (2) database_user, (3) database_password, or (4) database_name parameter. | |||||
| CVE-2018-6580 | 1 Janguo | 1 Jimtawl | 2018-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&task=upload&pop=true&tmpl=component request. | |||||
| CVE-2018-1342 | 1 Netiq | 1 Access Manager | 2018-02-13 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability exists in the Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console. | |||||
| CVE-2018-5997 | 1 Ravpower | 1 Filehub Firmware | 2018-02-12 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root. | |||||
| CVE-2017-17976 | 1 Perfexcrm | 1 Perfex Crm | 2018-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution. | |||||
| CVE-2018-5724 | 1 Barni | 2 Master Ip Camera01, Master Ip Camera01 Firmware | 2018-02-05 | 10.0 HIGH | 9.8 CRITICAL |
| MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Download and Upload, as demonstrated by restore.cgi. | |||||
| CVE-2014-4972 | 1 Ajax Upload For Gravity Forms Project | 1 Ajax Upload For Gravity Forms | 2018-02-01 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under wp-content/uploads/gravity_forms. | |||||
| CVE-2017-16949 | 1 Accesspressthemes | 1 Anonymous Post Pro | 2018-01-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php and file-uploader/file-uploader-class.php. This allows the attacker to upload anything they want to the server, as demonstrated by an action=ap_file_upload_action&allowedExtensions[]=php request to /wp-admin/admin-ajax.php that results in a .php file upload and resultant PHP code execution. | |||||
| CVE-2017-8862 | 1 Cohuhd | 2 3960hd, 3960hd Firmware | 2017-12-12 | 10.0 HIGH | 9.8 CRITICAL |
| The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with "root" privileges. | |||||
| CVE-2017-15962 | 1 Istock Management System Project | 1 Istock Management System | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| iStock Management System 1.0 allows Arbitrary File Upload via user/profile. | |||||
| CVE-2015-2780 | 1 Berta | 1 Berta Cms | 2017-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2015-8249 | 1 Manageengine | 1 Desktop Central | 2017-10-06 | 10.0 HIGH | 9.8 CRITICAL |
| The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter. | |||||
| CVE-2017-1002001 | 1 Mobile-app-builder-by-wappress Project | 1 Mobile-app-builder-by-wappress | 2017-09-27 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in WordPress plugin mobile-app-builder-by-wappress v1.05. The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. | |||||
| CVE-2017-1002003 | 1 Wp2android-turn-wp-site-into-android-app Project | 1 Wp2android-turn-wp-site-into-android-app | 2017-09-27 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in WordPress plugin wp2android-turn-wp-site-into-android-app v1.1.4. The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. | |||||
| CVE-2017-1002002 | 1 Webapp-builder Project | 1 Webapp-builder | 2017-09-27 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in WordPress plugin webapp-builder v2.0. The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/ | |||||
| CVE-2017-1002000 | 1 Mobile-friendly-app-builder-by-easytouch Project | 1 Mobile-friendly-app-builder-by-easytouch | 2017-09-27 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in WordPress plugin mobile-friendly-app-builder-by-easytouch v3.0. The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content. | |||||
| CVE-2017-14346 | 1 Blog Project | 1 Blog | 2017-09-26 | 7.5 HIGH | 9.8 CRITICAL |
| upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file. | |||||
| CVE-2013-7426 | 1 Kamailio | 1 Kamailio | 2017-09-02 | 7.5 HIGH | 9.8 CRITICAL |
| Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1. | |||||
| CVE-2017-3108 | 1 Adobe | 1 Experience Manager | 2017-08-16 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability. | |||||
| CVE-2017-4990 | 1 Emc | 1 Avamar Server | 2017-07-07 | 7.5 HIGH | 9.8 CRITICAL |
| In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system. | |||||
| CVE-2015-4455 | 1 Aviary Image Editor Add-on For Gravity Forms Project | 1 Aviary Image Editor Add-on For Gravity Forms | 2017-06-08 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary. | |||||
| CVE-2017-9364 | 1 Bigtreecms | 1 Bigtree Cms | 2017-06-06 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code. | |||||
| CVE-2017-7695 | 1 Bigtreecms | 1 Bigtree Cms | 2017-04-17 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code. | |||||
| CVE-2015-3884 | 1 Qdpm | 1 Qdpm | 2017-03-20 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/. | |||||
| CVE-2015-1000001 | 1 Fast-image-adder Project | 1 Fast-image-adder | 2017-03-07 | 5.0 MEDIUM | 9.8 CRITICAL |
| Remote file upload vulnerability in the fast-image-adder v1.1 WordPress plugin. | |||||
| CVE-2016-5050 | 1 Readydesk | 1 Readydesk | 2016-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary code by uploading and requesting a .aspx file. | |||||
| CVE-2015-1000000 | 1 Mailcwp Project | 1 Mailcwp | 2016-10-27 | 5.0 MEDIUM | 9.8 CRITICAL |
| Remote file upload vulnerability in the mailcwp v1.99 WordPress plugin. | |||||
