Total: 2367 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-9402 | 1 Usersultra | 1 Users Ultra Membership | 2019-09-23 | 6.8 MEDIUM | 8.8 HIGH |
The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload. | |||||
CVE-2019-15843 | 1 Mi | 1 Xiaomi Millet Firmware | 2019-09-20 | 5.8 MEDIUM | 7.4 HIGH |
A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. A particular condition involving a man-in-the-middle attack may lead to partial data leakage or malicious file writing. | |||||
CVE-2019-14252 | 1 Publisure | 1 Publisure | 2019-09-18 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in the secure portal in Publisure 2.1.2. Once successfully authenticated as an administrator, one is able to inject arbitrary PHP code by using the adminCons.php form. The code is then stored in the E:\PUBLISURE\webservice\webpages\AdminDir\Templates\ folder even if removed from the adminCons.php view (i.e., the rogue PHP file can be hidden). | |||||
CVE-2016-10995 | 1 Templatic | 1 Telvolution | 2019-09-18 | 7.5 HIGH | 9.8 CRITICAL |
The Tevolution plugin before 2.3.0 for WordPress has arbitrary file upload via single_upload.php or single-upload.php. | |||||
CVE-2019-15131 | 1 Code42 | 1 Code42 | 2019-09-17 | 7.5 HIGH | 9.8 CRITICAL |
In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerability could allow an attacker to create directories and save files on Code42 servers, which could potentially lead to code execution. | |||||
CVE-2019-16318 | 1 Pimcore | 1 Pimcore | 2019-09-17 | 6.5 MEDIUM | 8.8 HIGH |
In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317. | |||||
CVE-2016-10959 | 1 Estatik | 1 Estatik | 2019-09-16 | 4.0 MEDIUM | 6.5 MEDIUM |
The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php. | |||||
CVE-2016-10958 | 1 Estatik | 1 Estatik | 2019-09-16 | 5.0 MEDIUM | 7.5 HIGH |
The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php. | |||||
CVE-2016-10955 | 1 Cysteme | 1 Cysteme-finder | 2019-09-13 | 7.5 HIGH | 9.8 CRITICAL |
The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking. | |||||
CVE-2018-9206 | 1 Jquery File Upload Project | 1 Jquery File Upload | 2019-09-11 | 7.5 HIGH | 9.8 CRITICAL |
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0 | |||||
CVE-2019-16131 | 1 Phpok | 1 Oklite | 2019-09-10 | 6.5 MEDIUM | 8.8 HIGH |
framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/. | |||||
CVE-2019-13187 | 1 Symphonyextensions | 1 Rich Text Formatter | 2019-09-06 | 7.5 HIGH | 9.8 CRITICAL |
The Rich Text Formatter (Redactor) extension through v1.1.1 for Symphony CMS has an Unauthenticated arbitrary file upload vulnerability in content.fileupload.php and content.imageupload.php. | |||||
CVE-2019-15866 | 1 Crelly Slider Project | 1 Crelly Slider | 2019-09-05 | 6.5 MEDIUM | 8.8 HIGH |
The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider. | |||||
CVE-2019-15649 | 1 Elearningfreak | 1 Insert Or Embed Articulate Content | 2019-08-30 | 6.5 MEDIUM | 8.8 HIGH |
The insert-or-embed-articulate-content-into-wordpress plugin before 4.2999 for WordPress has insufficient restrictions on file upload. | |||||
CVE-2019-15524 | 1 Cszcms | 1 Csz Cms | 2019-08-30 | 7.5 HIGH | 9.8 CRITICAL |
CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI. | |||||
CVE-2019-11031 | 1 Mirasys | 1 Mirasys Vms | 2019-08-30 | 10.0 HIGH | 9.8 CRITICAL |
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe. An attacker can upload files with a Setup-Files action, and then execute these files with SYSTEM privileges. | |||||
CVE-2017-18592 | 1 Wc-marketplace | 1 Wc Catalog Enquiry | 2019-08-29 | 5.0 MEDIUM | 7.5 HIGH |
The woocommerce-catalog-enquiry plugin before 3.1.0 for WordPress has an incorrect wp_upload directory for file uploads. | |||||
CVE-2018-18572 | 1 Oscommerce | 1 Oscommerce | 2019-08-29 | 6.5 MEDIUM | 7.2 HIGH |
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this filter didn't prevent the '.pht' extension. Thus, remote authenticated administrators can upload '.pht' files for arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI. | |||||
CVE-2015-9340 | 1 Iptanus | 1 Wordpress File Upload | 2019-08-29 | 5.0 MEDIUM | 7.5 HIGH |
The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files. | |||||
CVE-2015-9339 | 1 Iptanus | 1 Wordpress File Upload | 2019-08-29 | 5.0 MEDIUM | 7.5 HIGH |
The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files. |