Search
Total
736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-3189 | 1 Dotcms | 1 Dotcms | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, there are no checks on the types of files which the bundle contains. This vulnerability combined with the path traversal vulnerability (CVE-2017-3188) can lead to remote command execution with the permissions of the user running the dotCMS application. An unauthenticated remote attacker may perform actions with the dotCMS administrator panel with the same permissions of a victim user or execute arbitrary system commands with the permissions of the user running the dotCMS application. | |||||
| CVE-2017-2617 | 1 Hawt.io | 1 Hawtio | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed. | |||||
| CVE-2017-16736 | 1 Advantech | 1 Webaccess | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files. | |||||
| CVE-2017-10940 | 1 Joyent | 1 Triton Datacenter | 2019-10-09 | 9.0 HIGH | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the docker API. The process does not properly validate user-supplied data which can allow for the upload of arbitrary files. An attacker can leverage this vulnerability to execute arbitrary code under the context of root. Was ZDI-CAN-3853. | |||||
| CVE-2017-11154 | 1 Synology | 1 Photo Station | 2019-10-09 | 6.5 MEDIUM | 7.2 HIGH |
| Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter. | |||||
| CVE-2019-17046 | 1 Ilch | 1 Ilch Cms | 2019-10-04 | 9.0 HIGH | 7.2 HIGH |
| Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page. | |||||
| CVE-2017-11326 | 1 Tilde Cms Project | 1 Tilde Cms | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass the implemented restrictions on arbitrary file upload via a filename.+php manipulation. | |||||
| CVE-2017-8080 | 1 Atlassian | 1 Hipchat Server | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads. | |||||
| CVE-2017-6104 | 1 Zen Mobile App Native Project | 1 Zen Mobile App Native | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0. | |||||
| CVE-2017-5520 | 1 Metalgenix | 1 Genixcms | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions. | |||||
| CVE-2017-2699 | 1 Huawei | 6 Honor 7, Honor 7 Firmware, Lyo-l21 and 3 more | 2019-10-03 | 6.8 MEDIUM | 7.8 HIGH |
| The Huawei Themes APP in versions earlier than PLK-UL00C17B385, versions earlier than CRR-L09C432B380, versions earlier than LYO-L21C577B128 has a privilege elevation vulnerability. An attacker could exploit this vulnerability to upload theme packs containing malicious files and trick users into installing the theme packets, resulting in the execution of arbitrary code. | |||||
| CVE-2017-17593 | 1 Simple Chatting System Project | 1 Simple Chatting System | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/. | |||||
| CVE-2019-15862 | 1 Cksource | 1 Ckfinder | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote attackers to upload files without any extension (even if the application was configured to accept files only with a defined set of extensions). This affects CKFinder for ASP, CKFinder for ASP.NET, CKFinder for ColdFusion, and CKFinder for PHP. | |||||
| CVE-2019-16720 | 1 Zzzcms | 1 Zzzphp | 2019-09-23 | 5.0 MEDIUM | 7.5 HIGH |
| ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file. | |||||
| CVE-2015-9402 | 1 Usersultra | 1 Users Ultra Membership | 2019-09-23 | 6.8 MEDIUM | 8.8 HIGH |
| The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload. | |||||
| CVE-2019-10012 | 2 Jenzabar, Tiny | 2 Internet Campus Solution, Moxiemanager | 2019-09-20 | 6.0 MEDIUM | 7.5 HIGH |
| Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager (for .NET) plugin before 2.1.4 in the moxiemanager directory within the installation folder ICS\ICS.NET\ICSFileServer. | |||||
| CVE-2019-15843 | 1 Mi | 1 Xiaomi Millet Firmware | 2019-09-20 | 5.8 MEDIUM | 7.4 HIGH |
| A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. A particular condition involving a man-in-the-middle attack may lead to partial data leakage or malicious file writing. | |||||
| CVE-2019-14252 | 1 Publisure | 1 Publisure | 2019-09-18 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in the secure portal in Publisure 2.1.2. Once successfully authenticated as an administrator, one is able to inject arbitrary PHP code by using the adminCons.php form. The code is then stored in the E:\PUBLISURE\webservice\webpages\AdminDir\Templates\ folder even if removed from the adminCons.php view (i.e., the rogue PHP file can be hidden). | |||||
| CVE-2019-16318 | 1 Pimcore | 1 Pimcore | 2019-09-17 | 6.5 MEDIUM | 8.8 HIGH |
| In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317. | |||||
| CVE-2016-10958 | 1 Estatik | 1 Estatik | 2019-09-16 | 5.0 MEDIUM | 7.5 HIGH |
| The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php. | |||||
| CVE-2019-16131 | 1 Phpok | 1 Oklite | 2019-09-10 | 6.5 MEDIUM | 8.8 HIGH |
| framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/. | |||||
| CVE-2019-15866 | 1 Crelly Slider Project | 1 Crelly Slider | 2019-09-05 | 6.5 MEDIUM | 8.8 HIGH |
| The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider. | |||||
| CVE-2019-15649 | 1 Elearningfreak | 1 Insert Or Embed Articulate Content | 2019-08-30 | 6.5 MEDIUM | 8.8 HIGH |
| The insert-or-embed-articulate-content-into-wordpress plugin before 4.2999 for WordPress has insufficient restrictions on file upload. | |||||
| CVE-2017-18592 | 1 Wc-marketplace | 1 Wc Catalog Enquiry | 2019-08-29 | 5.0 MEDIUM | 7.5 HIGH |
| The woocommerce-catalog-enquiry plugin before 3.1.0 for WordPress has an incorrect wp_upload directory for file uploads. | |||||
| CVE-2018-18572 | 1 Oscommerce | 1 Oscommerce | 2019-08-29 | 6.5 MEDIUM | 7.2 HIGH |
| osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this filter didn't prevent the '.pht' extension. Thus, remote authenticated administrators can upload '.pht' files for arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI. | |||||
| CVE-2015-9338 | 1 Iptanus | 1 Wordpress File Upload | 2019-08-29 | 5.0 MEDIUM | 7.5 HIGH |
| The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files. | |||||
| CVE-2015-9340 | 1 Iptanus | 1 Wordpress File Upload | 2019-08-29 | 5.0 MEDIUM | 7.5 HIGH |
| The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files. | |||||
| CVE-2015-9339 | 1 Iptanus | 1 Wordpress File Upload | 2019-08-29 | 5.0 MEDIUM | 7.5 HIGH |
| The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files. | |||||
| CVE-2015-9341 | 1 Iptanus | 1 Wordpress File Upload | 2019-08-29 | 5.0 MEDIUM | 7.5 HIGH |
| The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files. | |||||
| CVE-2019-14755 | 1 Leaftecnologia | 1 Leaf Admin | 2019-08-20 | 6.5 MEDIUM | 8.8 HIGH |
| The profile photo upload feature in Leaf Admin 61.9.0212.10 f allows Unrestricted Upload of a File with a Dangerous Type. | |||||
| CVE-2019-5395 | 1 Hp | 2 3par Service Processor, 3par Service Processor Firmware | 2019-08-16 | 6.5 MEDIUM | 8.8 HIGH |
| A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. | |||||
| CVE-2017-18435 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 7.5 HIGH | 7.3 HIGH |
| cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238). | |||||
| CVE-2019-7912 | 1 Magento | 1 Magento | 2019-08-09 | 6.5 MEDIUM | 7.2 HIGH |
| A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to edit configuration keys to remove file extension filters, potentially resulting in the malicious upload and execution of malicious files on the server. | |||||
| CVE-2019-7930 | 1 Magento | 1 Magento | 2019-08-07 | 9.0 HIGH | 7.2 HIGH |
| A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to the import feature can make modifications to a configuration file, resulting in potentially unauthorized removal of file upload restrictions. This can result in arbitrary code execution when a malicious file is then uploaded and executed on the system. | |||||
| CVE-2019-7861 | 1 Magento | 1 Magento | 2019-08-06 | 5.0 MEDIUM | 7.5 HIGH |
| Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | |||||
| CVE-2019-3960 | 1 Wallaceit | 1 Wallacepos | 2019-08-06 | 6.5 MEDIUM | 7.2 HIGH |
| Unrestricted upload of file with dangerous type in WallacePOS 1.4.3 allows a remote, authenticated attacker to execute arbitrary code by uploading a malicious PHP file. | |||||
| CVE-2019-12170 | 1 Atutor | 1 Atutor | 2019-08-05 | 9.0 HIGH | 8.8 HIGH |
| ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. | |||||
| CVE-2019-9189 | 1 Primasystems | 1 Flexair | 2019-07-31 | 9.0 HIGH | 8.8 HIGH |
| Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker to gain full system access. | |||||
| CVE-2019-10267 | 1 Ahsay | 1 Cloud Backup Suite | 2019-07-31 | 9.0 HIGH | 8.8 HIGH |
| An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full access to the system, as the configured user (e.g., Administrator). | |||||
| CVE-2019-13980 | 1 Rangerstudio | 1 Directus 7 Api | 2019-07-22 | 6.8 MEDIUM | 8.8 HIGH |
| In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx. | |||||
| CVE-2019-13979 | 1 Rangerstudio | 1 Directus 7 Api | 2019-07-22 | 6.8 MEDIUM | 8.8 HIGH |
| In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution. | |||||
| CVE-2019-13984 | 1 Rangerstudio | 1 Directus 7 Api | 2019-07-22 | 6.8 MEDIUM | 8.8 HIGH |
| Directus 7 API before 2.3.0 does not validate uploaded files. Regardless of the file extension or MIME type, there is a direct link to each uploaded file, accessible by unauthenticated users, as demonstrated by the EICAR Anti-Virus Test File. | |||||
| CVE-2019-13359 | 1 Centos-webpanel | 1 Centos Web Panel | 2019-07-18 | 8.5 HIGH | 7.5 HIGH |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user. | |||||
| CVE-2019-0327 | 1 Sap | 1 Netweaver Application Server Java | 2019-07-18 | 6.5 MEDIUM | 7.2 HIGH |
| SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload files (including script files) without proper file format validation. | |||||
| CVE-2019-13464 | 1 Modsecurity | 1 Owasp Modsecurity Core Rule Set | 2019-07-15 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid. | |||||
| CVE-2014-9312 | 1 10web | 1 Photo Gallery | 2019-07-08 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted File Upload vulnerability in Photo Gallery 1.2.5. | |||||
| CVE-2019-4292 | 1 Ibm | 1 Security Guardium | 2019-07-03 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server. IBM X-Force ID: 160698. | |||||
| CVE-2019-9842 | 1 Miniblog Project | 1 Miniblog | 2019-06-19 | 6.5 MEDIUM | 7.2 HIGH |
| madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in app_code/handlers/PostHandler.cs writes a decoded base64 string to a file without validating the extension. | |||||
| CVE-2019-5357 | 1 Hp | 1 Intelligent Management Center | 2019-06-06 | 9.0 HIGH | 8.8 HIGH |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2016-10751 | 1 Osclass | 1 Osclass | 2019-05-29 | 6.5 MEDIUM | 7.2 HIGH |
| osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. This is exploitable for remote PHP code execution because an administrator can upload an image that contains PHP code in the EXIF data via index.php?page=ajax&action=ajax_upload. | |||||