Total
2367 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3663 | 1 Typo3 | 1 Typo3 | 2019-11-05 | 6.5 MEDIUM | 8.8 HIGH |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend. | |||||
| CVE-2019-17325 | 1 Clipsoft | 1 Rexpert | 2019-11-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker to upload arbitrary local file via the ActiveX method in RexViewerCtrl30.ocx. That could lead to disclosure of sensitive information. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. | |||||
| CVE-2019-18204 | 1 Zucchetti | 1 Infobusiness | 2019-11-01 | 6.5 MEDIUM | 8.8 HIGH |
| Zucchetti InfoBusiness before and including 4.4.1 allows any authenticated user to upload .php files in order to achieve code execution. | |||||
| CVE-2019-16700 | 1 Slub-dresden | 1 Slub Events | 2019-10-31 | 7.5 HIGH | 9.8 CRITICAL |
| The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Execution. In versions later than 1.2.2, this can result in Denial of Service, since the web space can be filled up with arbitrary files. | |||||
| CVE-2019-18417 | 1 Sourcecodester | 1 Restaurant Management System | 2019-10-28 | 6.5 MEDIUM | 8.8 HIGH |
| Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files. | |||||
| CVE-2019-14451 | 1 Repetier-server | 1 Repetier-server | 2019-10-28 | 10.0 HIGH | 9.8 CRITICAL |
| RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart. | |||||
| CVE-2015-9499 | 1 Themepunch | 1 Showbiz Pro | 2019-10-28 | 7.5 HIGH | 9.8 CRITICAL |
| The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive. | |||||
| CVE-2019-5009 | 1 Vtiger | 1 Vtiger Crm | 2019-10-24 | 6.5 MEDIUM | 7.2 HIGH |
| Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "<? ?>" tags, as demonstrated by a CompanyDetailsSave action. This bypasses the bad-file-extensions protection mechanism. It is related to actions/CompanyDetailsSave.php, actions/UpdateCompanyLogo.php, and models/CompanyDetails.php. | |||||
| CVE-2019-16530 | 1 Sonatype | 2 Nexus Iq Server, Nexus Repository Manager | 2019-10-22 | 9.0 HIGH | 7.2 HIGH |
| Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution. | |||||
| CVE-2019-14657 | 1 Yeahlink | 6 T49g, T49g Firmware, T58v and 3 more | 2019-10-18 | 9.0 HIGH | 8.8 HIGH |
| Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitrary code execution as root. | |||||
| CVE-2019-17536 | 1 Gilacms | 1 Gila Cms | 2019-10-17 | 4.0 MEDIUM | 4.9 MEDIUM |
| Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move. | |||||
| CVE-2019-14656 | 1 Yeahlink | 6 T49g, T49g Firmware, T58v and 3 more | 2019-10-17 | 9.0 HIGH | 8.8 HIGH |
| Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via HTTP. | |||||
| CVE-2015-9479 | 1 Advancedcustomfields | 1 Acf Fronted Display | 2019-10-17 | 7.5 HIGH | 9.8 CRITICAL |
| The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php. | |||||
| CVE-2019-17490 | 1 Jnoj | 1 Jiangnan Online Judge | 2019-10-16 | 6.5 MEDIUM | 8.8 HIGH |
| app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content type) to the web/polygon/problem/tests URI. | |||||
| CVE-2019-17352 | 1 Jfinal | 1 Jfinal | 2019-10-15 | 5.0 MEDIUM | 7.5 HIGH |
| In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions. | |||||
| CVE-2018-21024 | 1 Centreon | 1 Centreon | 2019-10-15 | 7.5 HIGH | 9.8 CRITICAL |
| licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request. | |||||
| CVE-2019-17188 | 1 Fecmall | 1 Fecmall | 2019-10-10 | 6.5 MEDIUM | 7.2 HIGH |
| An unrestricted file upload vulnerability was discovered in catalog/productinfo/imageupload in Fecshop FecMall 2.3.4. An attacker can bypass a front-end restriction and upload PHP code to the webserver, by providing image data and the image/jpeg content type, with a .php extension. This occurs because the code relies on the getimagesize function. | |||||
| CVE-2019-10935 | 1 Siemens | 3 Simatic Pcs 7, Simatic Wincc, Simatic Wincc Runtime | 2019-10-10 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd 11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC Professional (TIA Portal V13) (All versions), SIMATIC WinCC Professional (TIA Portal V14) (All versions < V14 SP1 Upd 9), SIMATIC WinCC Professional (TIA Portal V15) (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). The SIMATIC WinCC DataMonitor web application of the affected products allows to upload arbitrary ASPX code. The security vulnerability could be exploited by an authenticated attacker with network access to the WinCC DataMonitor application. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known. | |||||
| CVE-2019-3940 | 1 Advantech | 1 Webaccess | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code. | |||||
| CVE-2019-12326 | 1 Akuvox | 2 Sp-r50p, Sp-r50p Firmware | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| Missing file and path validation in the ringtone upload function of the Akuvox R50P VoIP phone 50.0.6.156 allows an attacker to upload a manipulated ringtone file, with an executable payload (shell commands within the file) and trigger code execution. | |||||