Search
Total
1387 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20897 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2020-07-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1. | |||||
| CVE-2019-7268 | 1 Nortekcontrol | 4 Linear Emerge 5000p, Linear Emerge 5000p Firmware, Linear Emerge 50p and 1 more | 2020-07-02 | 10.0 HIGH | 10.0 CRITICAL |
| Linear eMerge 50P/5000P devices allow Unauthenticated File Upload. | |||||
| CVE-2020-13443 | 1 Expressionengine | 1 Expressionengine | 2020-07-02 | 6.5 MEDIUM | 8.8 HIGH |
| ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type check and file-extension check while uploading new files. Short aliases are not used for an attachment; instead, direct access is allowed to the uploaded files. It is possible to upload PHP only if one has member access, or registration/forum is enabled and one can create a member with the default group id of 5. To exploit this, one must to be able to send and compose messages (at least). | |||||
| CVE-2020-13887 | 1 Kordil Edms Project | 1 Kordil Edms | 2020-06-30 | 6.5 MEDIUM | 8.8 HIGH |
| documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Command Execution because .php files can be uploaded to the documents folder. | |||||
| CVE-2020-12005 | 1 Rockwellautomation | 2 Factorytalk Linx, Rslinx Classic | 2020-06-24 | 7.8 HIGH | 7.5 HIGH |
| FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. A vulnerability exists in the communication function that enables users to upload EDS files by FactoryTalk Linx. This may allow an attacker to upload a file with bad compression, consuming all the available CPU resources, leading to a denial-of-service condition. | |||||
| CVE-2019-15123 | 1 Vikisolutions | 1 Vera | 2020-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| The Branding Module in Viki Vera 4.9.1.26180 allows an authenticated user to change the logo on the website. An attacker could use this to upload a malicious .aspx file and gain Remote Code Execution on the site. | |||||
| CVE-2020-14067 | 1 Naviwebs | 1 Navigatecms | 2020-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php. | |||||
| CVE-2020-4470 | 1 Ibm | 1 Spectrum Protect Plus | 2020-06-17 | 6.0 MEDIUM | 8.0 HIGH |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. IBM X-Force ID: 181725. | |||||
| CVE-2020-13852 | 1 Pandorafms | 1 Pandora Fms | 2020-06-11 | 9.0 HIGH | 7.2 HIGH |
| Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature. | |||||
| CVE-2020-13855 | 1 Pandorafms | 1 Pandora Fms | 2020-06-11 | 9.0 HIGH | 7.2 HIGH |
| Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature. | |||||
| CVE-2018-21243 | 1 Foxitsoftware | 1 Phantompdf | 2020-06-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Foxit PhantomPDF before 8.3.6. It has COM object mishandling when Microsoft Word is used. | |||||
| CVE-2020-12800 | 1 Codedropz | 1 Drag And Drop Multiple File Upload - Contact Form 7 | 2020-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file. | |||||
| CVE-2019-10930 | 1 Siemens | 26 6md85, 6md86, 6md89 and 23 more | 2020-06-10 | 6.4 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system. | |||||
| CVE-2020-11451 | 1 Microstrategy | 1 Microstrategy Web | 2020-06-09 | 6.5 MEDIUM | 7.2 HIGH |
| The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. (This is also exploitable via SSRF). Note: The ability to upload visualization plugins requires administrator privileges. | |||||
| CVE-2018-21244 | 1 Foxitsoftware | 1 Phantompdf | 2020-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows arbitrary application execution via an embedded executable file in a PDF portfolio, aka FG-VD-18-029. | |||||
| CVE-2020-12846 | 1 Synacor | 1 Zimbra Collaboration Suite | 2020-06-05 | 6.0 MEDIUM | 8.0 HIGH |
| Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe,sh,bat,jar) in the Contact section of the mailbox as an avatar image for a contact. A user will receive a "Corrupt File" error, but the file is still uploaded and stored locally in /opt/zimbra/data/tmp/upload/, leaving it open to possible remote execution. | |||||
| CVE-2020-12828 | 1 Pango | 1 Virtual Private Network Software Development Kit | 2020-06-02 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path where a malicious executable file resides leads to executing the malicious executable file with SYSTEM privileges. | |||||
| CVE-2018-19355 | 2 Mypresta, Prestashop | 2 Customer Files Upload, Prestashop | 2020-06-02 | 7.5 HIGH | 9.8 CRITICAL |
| modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfiles), order (for upload destinations under modules/files), or cart (for upload destinations under modules/cartfiles). | |||||
| CVE-2020-12675 | 1 Mappresspro | 1 Mappress | 2020-05-29 | 6.5 MEDIUM | 8.8 HIGH |
| The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for CVE-2020-12077. | |||||
| CVE-2020-1112 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-05-29 | 9.0 HIGH | 9.9 CRITICAL |
| An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'. | |||||
| CVE-2020-11108 | 1 Pi-hole | 1 Pi-hole | 2020-05-27 | 9.0 HIGH | 8.8 HIGH |
| The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh. | |||||
| CVE-2020-13442 | 1 Dext5 | 1 Dext5 | 2020-05-27 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via dext5handler.jsp handler because the uploaded file is stored under dext5uploadeddata/. | |||||
| CVE-2020-1102 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2020-05-26 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1024. | |||||
| CVE-2020-1023 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-05-26 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1024, CVE-2020-1102. | |||||
| CVE-2020-1024 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-05-26 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1102. | |||||
| CVE-2020-13384 | 1 Monstra | 1 Monstra | 2020-05-26 | 6.5 MEDIUM | 8.8 HIGH |
| Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048. | |||||
| CVE-2020-13241 | 1 Microweber | 1 Microweber | 2020-05-22 | 7.2 HIGH | 7.8 HIGH |
| Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file. | |||||
| CVE-2020-11807 | 1 Sourcefabric | 1 Newscoop | 2020-05-20 | 4.6 MEDIUM | 7.8 HIGH |
| Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by making an avatar update and then visiting the avatar file under the /images/ path. | |||||
| CVE-2020-12255 | 1 Rconfig | 1 Rconfig | 2020-05-19 | 6.5 MEDIUM | 8.8 HIGH |
| rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. vendor.crud.php accepts a file upload by checking content-type without considering the file extension and header. Thus, an attacker can exploit this by uploading a .php file to vendor.php that contains arbitrary PHP code and changing the content-type to image/gif. | |||||
| CVE-2020-13128 | 1 Gwtupload Project | 1 Gwtupload | 2020-05-19 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServlet.java (the servlet for handling file upload) accepts a delay parameter that causes a thread to sleep. It can be abused to cause all of a server's threads to sleep, leading to denial of service. | |||||
| CVE-2020-13126 | 1 Elementor | 1 Elementor Page Builder | 2020-05-18 | 6.5 MEDIUM | 9.9 CRITICAL |
| An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor plugin is unaffected. | |||||
| CVE-2020-12252 | 1 Gigamon | 1 Gigavue | 2020-05-18 | 6.0 MEDIUM | 6.2 MEDIUM |
| An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an arbitrary file upload for an authenticated user. If an executable file is uploaded into the www-root directory, then it could yield remote code execution via the filename parameter. | |||||
| CVE-2020-5577 | 1 Sixapart | 1 Movable Type | 2020-05-15 | 6.5 MEDIUM | 8.8 HIGH |
| Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allow remote authenticated attackers to upload arbitrary files and execute a php script via unspecified vectors. | |||||
| CVE-2020-5880 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2020-05-07 | 5.5 MEDIUM | 7.1 HIGH |
| Om BIG-IP 15.0.0-15.0.1.3 and 14.1.0-14.1.2.3, the restjavad process may expose a way for attackers to upload arbitrary files on the BIG-IP system, bypassing the authorization system. Resulting error messages may also reveal internal paths of the server. | |||||
| CVE-2017-15990 | 1 Savsofteproducts | 1 Phpinventory | 2020-05-06 | 7.5 HIGH | 9.8 CRITICAL |
| Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/. | |||||
| CVE-2020-11943 | 1 Opmantek | 1 Open-audit | 2020-05-05 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file upload. | |||||
| CVE-2020-11817 | 1 Rukovoditel | 1 Rukovoditel | 2020-05-05 | 6.8 MEDIUM | 9.8 CRITICAL |
| In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just changing the the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs with the Maintenance Mode setting. | |||||
| CVE-2020-10507 | 1 The School Manage System Project | 1 The School Manage System | 2020-04-30 | 7.5 HIGH | 9.8 CRITICAL |
| The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload (RCE) , that would allow attackers to gain access in the hosting machine. | |||||
| CVE-2020-9280 | 1 Silverstripe | 1 Silverstripe | 2020-04-29 | 5.0 MEDIUM | 7.5 HIGH |
| In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is installed and enabled by default on the Common Web Platform (CWP). The vulnerability only affects files uploaded after an upgrade to 4.x. | |||||
| CVE-2020-12077 | 1 Mappresspro | 1 Mappress | 2020-04-28 | 6.5 MEDIUM | 8.8 HIGH |
| The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or capability checks), leading to remote code execution. | |||||
| CVE-2020-7055 | 1 Elementor | 1 Elementor Page Builder | 2020-04-28 | 9.0 HIGH | 9.9 CRITICAL |
| An issue was discovered in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an attacker to execute code via a crafted ZIP archive. | |||||
| CVE-2020-11011 | 1 Phproject | 1 Phproject | 2020-04-27 | 6.5 MEDIUM | 8.8 HIGH |
| In Phproject before version 1.7.8, there's a vulnerability which allows users with access to file uploads to execute arbitrary code. This is patched in version 1.7.8. | |||||
| CVE-2020-11722 | 1 Dungeon Crawl Stone Soup Project | 1 Dungeon Crawl Stone Soup | 2020-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file. | |||||
| CVE-2020-11815 | 1 Rukovoditel | 1 Rukovoditel | 2020-04-23 | 6.8 MEDIUM | 9.8 CRITICAL |
| In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs without the Maintenance Mode setting. | |||||
| CVE-2020-11811 | 1 Qdpm | 1 Qdpm | 2020-04-22 | 10.0 HIGH | 9.8 CRITICAL |
| In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. After that, the attacker can execute an arbitrary command on the server using this malicious file. | |||||
| CVE-2020-0920 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974. | |||||
| CVE-2020-0929 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974. | |||||
| CVE-2020-0931 | 1 Microsoft | 4 Business Productivity Servers, Sharepoint Enterprise Server, Sharepoint Foundation and 1 more | 2020-04-17 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974. | |||||
| CVE-2020-0932 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-04-17 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0971, CVE-2020-0974. | |||||
| CVE-2020-0974 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2020-04-17 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971. | |||||