Total
2367 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-11811 | 1 Qdpm | 1 Qdpm | 2020-04-22 | 10.0 HIGH | 9.8 CRITICAL |
In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. After that, the attacker can execute an arbitrary command on the server using this malicious file. | |||||
CVE-2020-0920 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-04-20 | 6.5 MEDIUM | 8.8 HIGH |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974. | |||||
CVE-2020-0929 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-04-20 | 6.5 MEDIUM | 8.8 HIGH |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974. | |||||
CVE-2020-0931 | 1 Microsoft | 4 Business Productivity Servers, Sharepoint Enterprise Server, Sharepoint Foundation and 1 more | 2020-04-17 | 6.5 MEDIUM | 8.8 HIGH |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974. | |||||
CVE-2020-0932 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-04-17 | 6.5 MEDIUM | 8.8 HIGH |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0971, CVE-2020-0974. | |||||
CVE-2020-0974 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2020-04-17 | 6.5 MEDIUM | 8.8 HIGH |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971. | |||||
CVE-2020-10621 | 1 Advantech | 1 Webaccess\/nms | 2020-04-10 | 10.0 HIGH | 9.8 CRITICAL |
Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). | |||||
CVE-2020-11544 | 1 Projectworlds | 1 Official Car Rental System | 2020-04-06 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server with their account because the upload section on the file-manager page contains an arbitrary file upload vulnerability via add_cars.php. There are no upload restrictions for executable files. | |||||
CVE-2001-0340 | 1 Microsoft | 1 Exchange Server | 2020-04-02 | 7.5 HIGH | N/A |
An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically. | |||||
CVE-2001-1099 | 2 Microsoft, Symantec | 2 Exchange Server, Norton Antivirus | 2020-04-02 | 5.0 MEDIUM | N/A |
The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice. | |||||
CVE-2020-6008 | 1 Lifterlms | 1 Lifterlms | 2020-04-01 | 7.5 HIGH | 9.8 CRITICAL |
LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbitrary file write leading to remote code execution | |||||
CVE-2020-10964 | 2 Microsoft, S9y | 2 Windows, Serendipity | 2020-03-27 | 7.5 HIGH | 9.8 CRITICAL |
Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename. | |||||
CVE-2020-10806 | 1 Ez | 2 Ez Publish-kernel, Ez Publish-legacy | 2020-03-25 | 7.5 HIGH | 9.8 CRITICAL |
eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before 7.5.6.2 and eZ Publish Legacy before 5.4.14.1, 2017 before 2017.12.7.2, and 2019 before 2019.03.4.2 allow remote attackers to execute arbitrary code by uploading PHP code, unless the vhost configuration permits only app.php execution. | |||||
CVE-2020-7935 | 1 Artica | 1 Pandora Fms | 2020-03-25 | 6.5 MEDIUM | 7.2 HIGH |
Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create a (or use an existing) directory that is externally accessible to store PHP files. The filename and the exact path is known by the attacker, so it is possible to execute PHP code in the context of the application. The vulnerability is exploitable only with Administrator access. | |||||
CVE-2020-8511 | 1 Artica | 1 Pandora Fms | 2020-03-25 | 6.5 MEDIUM | 7.2 HIGH |
In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500. | |||||
CVE-2020-10682 | 1 Cmsmadesimple | 1 Cms Made Simple | 2020-03-24 | 6.8 MEDIUM | 7.8 HIGH |
The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it need not be a valid JPEG file). | |||||
CVE-2019-16066 | 1 Netsas | 1 Enigma Network Management Solution | 2020-03-23 | 9.0 HIGH | 8.8 HIGH |
An unrestricted file upload vulnerability exists in user and system file upload functions in NETSAS Enigma NMS 65.0.0 and prior. This allows an attacker to upload malicious files and perform arbitrary code execution on the system. | |||||
CVE-2020-9423 | 1 Logicaldoc | 1 Logicaldoc | 2020-03-20 | 10.0 HIGH | 9.8 CRITICAL |
LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Those documents could then be used for multiple tasks, such as version control, shared among users, applying tags, etc. This functionality could be abused by an unauthenticated attacker to upload an arbitrary file in a restricted folder. This would lead to the executions of malicious commands with root privileges. | |||||
CVE-2019-12971 | 1 G-u | 2 Bks Ebk Ethernet-buskoppler Pro, Bks Ebk Ethernet-buskoppler Pro Firmware | 2020-03-19 | 10.0 HIGH | 9.8 CRITICAL |
BKS EBK Ethernet-Buskoppler Pro before 3.01 allows Unrestricted Upload of a File with a Dangerous Type. | |||||
CVE-2020-9471 | 1 Umbraco | 1 Umbraco Cms | 2020-03-19 | 6.5 MEDIUM | 8.8 HIGH |
Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality. |