Total
2367 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36701 | 1 King-theme | 1 Page Builder King Composer | 2023-11-07 | N/A | 8.8 HIGH |
| The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'process_bulk_action' function in the 'kingcomposer/includes/kc.extensions.php' file. This makes it possible for authenticated users with author level permissions and above to upload arbitrary files onto the server which can be used to execute code on the server. | |||||
| CVE-2020-25733 | 1 Webtareas Project | 1 Webtareas | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types. | |||||
| CVE-2020-11722 | 1 Dungeon Crawl Stone Soup Project | 1 Dungeon Crawl Stone Soup | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file. | |||||
| CVE-2019-3489 | 1 Microfocus | 1 Content Manager | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to arbitrary locations on the Content Manager server. | |||||
| CVE-2019-25138 | 1 Plugin-planet | 1 User Submitted Posts | 2023-11-07 | N/A | 9.8 CRITICAL |
| The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions up to, and including, 20190312. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. | |||||
| CVE-2019-20183 | 1 Employee Records System Project | 1 Employee Records System | 2023-11-07 | 6.5 MEDIUM | 7.2 HIGH |
| uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension. | |||||
| CVE-2019-19634 | 2 Getk2, Verot Project | 2 K2, Verot | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576. | |||||
| CVE-2019-19576 | 2 Getk2, Verot Project | 2 K2, Verot | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions. | |||||
| CVE-2019-13976 | 1 Egain | 1 Chat | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| eGain Chat 15.0.3 allows unrestricted file upload. | |||||
| CVE-2019-12409 | 2 Apache, Linux | 2 Solr, Linux Kernel | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any authentication. If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may in turn allow them to upload malicious code for execution on the Solr server. | |||||
| CVE-2019-11655 | 1 Hp | 1 Arcsight Logger | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. This vulnerability could allow Unrestricted Upload of File with Dangerous type. | |||||
| CVE-2019-10012 | 2 Jenzabar, Tiny | 2 Internet Campus Solution, Moxiemanager | 2023-11-07 | 6.0 MEDIUM | 7.5 HIGH |
| Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager (for .NET) plugin before 2.1.4 in the moxiemanager directory within the installation folder ICS\ICS.NET\ICSFileServer. | |||||
| CVE-2018-6152 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2023-11-07 | 6.8 MEDIUM | 9.6 CRITICAL |
| The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction. | |||||
| CVE-2018-20063 | 1 Gurock | 1 Testrail | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Gurock TestRail 5.6.0.3853. An "Unrestricted Upload of File" vulnerability exists in the image-upload form (available in the description editor), allowing remote authenticated users to execute arbitrary code by uploading an image file with an executable extension but a safe Content-Type value, and then accessing it via a direct request to the file in the file-upload directory (if it's accessible according to the server configuration). | |||||
| CVE-2018-1342 | 1 Netiq | 1 Access Manager | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console. | |||||
| CVE-2018-19789 | 2 Debian, Sensiolabs | 2 Debian Linux, Symfony | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint `string` in a setter method (e.g. `setName(string $name)`) of a class that's the `data_class` of a form, and when a file upload is submitted to the corresponding field instead of a normal text input, then `UploadedFile::__toString()` is called which will then return and disclose the path of the uploaded file. If combined with a local file inclusion issue in certain circumstances this could escalate it to a Remote Code Execution. | |||||
| CVE-2018-19550 | 1 Interspire | 1 Email Marketer | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a admin/temp/surveys/ URI. | |||||
| CVE-2018-15333 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| On versions 11.2.1. and greater, unrestricted Snapshot File Access allows BIG-IP system's user with any role, including Guest Role, to have access and download previously generated and available snapshot files on the BIG-IP configuration utility such as QKView and TCPDumps. | |||||
| CVE-2018-12468 | 1 Microfocus | 1 Groupwise | 2023-11-07 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution. | |||||
| CVE-2017-9279 | 1 Netiq | 1 Identity Manager | 2023-11-07 | 9.0 HIGH | 7.2 HIGH |
| NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users. | |||||