Total
2367 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8337 | 1 Helpdezk | 1 Helpdezk | 2020-01-15 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. | |||||
| CVE-2014-8516 | 1 Cloudfastpath | 1 Netcharts Server | 2020-01-15 | 10.0 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | |||||
| CVE-2012-2226 | 1 Invisioncommunity | 1 Invision Power Board | 2020-01-14 | 7.5 HIGH | 9.8 CRITICAL |
| Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file. | |||||
| CVE-2014-3448 | 1 Bss Continuity Cms Project | 1 Bss Continuty Cms | 2020-01-14 | 7.5 HIGH | 9.8 CRITICAL |
| BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file upload | |||||
| CVE-2015-5951 | 1 Thomsonreuters | 1 Fatca | 2020-01-10 | 9.0 HIGH | 9.9 CRITICAL |
| A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands. | |||||
| CVE-2020-5514 | 1 Gilacms | 1 Gila Cms | 2020-01-09 | 9.0 HIGH | 9.1 CRITICAL |
| Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI. | |||||
| CVE-2019-20048 | 1 Al-enterprise | 1 Omnivista 8770 | 2020-01-07 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP file to achieve Remote Code Execution as SYSTEM. | |||||
| CVE-2015-5601 | 1 Edx | 1 Edx-platform | 2020-01-07 | 6.5 MEDIUM | 8.8 HIGH |
| edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files. | |||||
| CVE-2013-4796 | 1 Reviewboard | 1 Reviewboard | 2020-01-07 | 6.5 MEDIUM | 8.8 HIGH |
| ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request | |||||
| CVE-2019-16790 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2020-01-07 | 6.5 MEDIUM | 8.8 HIGH |
| In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted. | |||||
| CVE-2019-8293 | 1 Abcprintf | 1 Upload-image-with-ajax | 2020-01-02 | 7.5 HIGH | 9.8 CRITICAL |
| Due to a logic error in the code, upload-image-with-ajax v1.0 allows arbitrary files to be uploaded to the web root allowing code execution. | |||||
| CVE-2019-19745 | 1 Contao | 1 Contao | 2019-12-18 | 6.5 MEDIUM | 8.8 HIGH |
| Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server. | |||||
| CVE-2019-11216 | 1 Bmc | 1 Remedy Smart Reporting | 2019-12-13 | 5.5 MEDIUM | 6.5 MEDIUM |
| BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed. | |||||
| CVE-2019-15936 | 1 Intesync | 1 Solismed | 2019-12-13 | 7.5 HIGH | 9.8 CRITICAL |
| Intesync Solismed 3.3sp allows Insecure File Upload. | |||||
| CVE-2019-19468 | 1 10-strike | 1 Free Photo Viewer | 2019-12-13 | 6.8 MEDIUM | 7.8 HIGH |
| Free Photo Viewer 1.3 allows remote attackers to execute arbitrary code via a crafted BMP and/or TIFF file that triggers a malformed SEH, as demonstrated by a 0012ECB4 FreePhot.00425642 42200008 corrupt entry. | |||||
| CVE-2017-1002008 | 1 Membership Simplified Project | 1 Membership Simplified | 2019-12-11 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges. | |||||
| CVE-2017-1002016 | 1 Flickr Picture Backup Project | 1 Flickr Picture Backup | 2019-12-11 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files. | |||||
| CVE-2019-19684 | 1 Nopcommerce | 1 Nopcommerce | 2019-12-11 | 6.5 MEDIUM | 8.8 HIGH |
| nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to upload a crafted Facebook Auth plugin. | |||||
| CVE-2019-4612 | 1 Ibm | 1 Planning Analytics | 2019-12-11 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523. | |||||
| CVE-2019-19595 | 2 Adobe, Prestashop | 2 Stock Api Integration, Prestashop | 2019-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php file. | |||||