Total
2367 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10228 | 1 Vtenext | 1 Vtenext | 2020-09-18 | 6.5 MEDIUM | 8.8 HIGH |
| A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution. | |||||
| CVE-2020-25287 | 1 Pligg Project | 1 Pligg | 2020-09-17 | 6.5 MEDIUM | 7.2 HIGH |
| Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Open request. | |||||
| CVE-2020-14008 | 1 Zohocorp | 1 Manageengine Applications Manager | 2020-09-16 | 6.5 MEDIUM | 7.2 HIGH |
| Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution. | |||||
| CVE-2018-15424 | 1 Cisco | 1 Identity Services Engine | 2020-09-16 | 6.5 MEDIUM | 4.7 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server. | |||||
| CVE-2020-4703 | 1 Ibm | 1 Spectrum Protect Plus | 2020-09-16 | 6.0 MEDIUM | 8.0 HIGH |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188. | |||||
| CVE-2020-24195 | 1 Online Bike Rental Project | 1 Online Bike Rental | 2020-09-15 | 6.5 MEDIUM | 9.1 CRITICAL |
| An Arbitrary File Upload in the Upload Image component in Sourcecodester Online Bike Rental v1.0 allows authenticated administrator to conduct remote code execution. | |||||
| CVE-2019-11447 | 1 Cutephp | 1 Cutenews | 2020-09-11 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content of a file can be changed and the control can be bypassed for code execution. (An attacker can use the GIF header for this.) | |||||
| CVE-2020-23829 | 1 Librehealth | 1 Librehealth Ehr | 2020-09-10 | 6.5 MEDIUM | 8.8 HIGH |
| interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image. | |||||
| CVE-2020-6288 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2020-09-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file format validation leading to Unrestricted upload of file with dangerous type vulnerability. The attacker can modify some formulas and display erroneous content. The server is not affected only the current user browser session, that can easily be closed. | |||||
| CVE-2020-24199 | 1 Projectworlds | 1 Car Rental Project | 2020-09-10 | 7.5 HIGH | 9.8 CRITICAL |
| Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution. | |||||
| CVE-2020-23972 | 1 Gmapfp | 1 Gmapfp | 2020-09-09 | 5.0 MEDIUM | 7.5 HIGH |
| In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files which due to issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions. | |||||
| CVE-2019-7838 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 10.0 HIGH | 9.8 CRITICAL |
| ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-7816 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 10.0 HIGH | 9.8 CRITICAL |
| ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-24196 | 1 Online Bike Rental Project | 1 Online Bike Rental | 2020-09-02 | 6.5 MEDIUM | 7.2 HIGH |
| An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental v1.0 allows authenticated admin to conduct remote code execution. | |||||
| CVE-2020-24202 | 1 Projectworlds | 1 House Rental And Property Listing Project | 2020-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution. | |||||
| CVE-2020-13126 | 1 Elementor | 1 Elementor Page Builder | 2020-08-25 | 6.5 MEDIUM | 9.9 CRITICAL |
| An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor plugin is unaffected. | |||||
| CVE-2020-7055 | 1 Elementor | 1 Elementor Page Builder | 2020-08-25 | 9.0 HIGH | 9.9 CRITICAL |
| An issue was discovered in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an attacker to execute code via a crafted ZIP archive. | |||||
| CVE-2019-14467 | 1 Infoway | 1 Social Photo Gallery | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code Execution by creating an album and attaching a malicious PHP file in the cover photo album, because the file extension is not checked. | |||||
| CVE-2018-4921 | 1 Adobe | 1 Connect | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2019-1443 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes.The security update addresses the vulnerability by correcting how SharePoint checks file content., aka 'Microsoft SharePoint Information Disclosure Vulnerability'. | |||||