Total
2498 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-17055 | 1 Progress | 1 Sitefinity | 2024-08-05 | N/A |
An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads. | ||||
CVE-2018-16974 | 1 Elefantcms | 1 Elefant | 2024-08-05 | N/A |
An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file, and then using a filename that ends in .php followed by space characters (for bypassing the blacklist). | ||||
CVE-2018-17058 | 1 Jaba | 1 Jaba Xpress | 2024-08-05 | 8.8 High |
An issue was discovered in JABA XPress Online Shop through 2018-09-14. It contains an arbitrary file upload vulnerability in the picture-upload feature of ProductEdit.aspx. An authenticated attacker may bypass the frontend filename validation and upload an arbitrary file via FileUploader.aspx.cs in FileUploader.aspx by using empty w and h parameters. This file may contain arbitrary aspx code that may be executed by accessing /Jec/ProductImages/<number>/<filename>. Accessing the file once uploaded does not require authentication. | ||||
CVE-2018-16796 | 1 Hiscout | 1 Grc Suite | 2024-08-05 | N/A |
HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files with Dangerous Types. | ||||
CVE-2018-16821 | 1 Seacms | 1 Seacms | 2024-08-05 | N/A |
SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests. | ||||
CVE-2018-16731 | 1 Chshcms | 1 Cscms | 2024-08-05 | N/A |
CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data. | ||||
CVE-2018-16388 | 1 E107 | 1 E107 | 2024-08-05 | N/A |
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type. | ||||
CVE-2018-16352 | 1 Weaselcms Project | 1 Weaselcms | 2024-08-05 | N/A |
There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used. | ||||
CVE-2018-16370 | 1 Pescms | 1 Pescms Team | 2024-08-05 | N/A |
In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team&m=Setting&a=upgrade by placing a .php file in a ZIP archive. | ||||
CVE-2018-16373 | 1 Frog Cms Project | 1 Frog Cms | 2024-08-05 | N/A |
Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save. | ||||
CVE-2018-16287 | 1 Lg | 1 Supersign Cms | 2024-08-05 | N/A |
LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. | ||||
CVE-2018-16169 | 1 Cybozu | 1 Remote Service Manager | 2024-08-05 | N/A |
Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated attackers to upload and execute Java code file on the server via unspecified vectors. | ||||
CVE-2018-16093 | 1 Lenovo | 1 Xclarity Integrator | 2024-08-05 | N/A |
In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file. | ||||
CVE-2018-16097 | 1 Lenovo | 1 Xclarity Integrator | 2024-08-05 | N/A |
LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate. | ||||
CVE-2018-15573 | 1 Reprisesoftware | 1 Reprise License Manager | 2024-08-05 | 8.8 High |
An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf parameter. By default, the web interface is on port 5054, and does not require authentication. NOTE: the vendor has stated "We do not consider this a vulnerability. | ||||
CVE-2018-15961 | 1 Adobe | 1 Coldfusion | 2024-08-05 | 9.8 Critical |
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
CVE-2018-15882 | 1 Joomla | 1 Joomla\! | 2024-08-05 | N/A |
An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter. | ||||
CVE-2018-15537 | 1 Ocsinventory-ng | 1 Ocsinventory Ng | 2024-08-05 | N/A |
Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests. | ||||
CVE-2018-15333 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-08-05 | N/A |
On versions 11.2.1. and greater, unrestricted Snapshot File Access allows BIG-IP system's user with any role, including Guest Role, to have access and download previously generated and available snapshot files on the BIG-IP configuration utility such as QKView and TCPDumps. | ||||
CVE-2018-15137 | 1 Cela Link | 2 Clr-m20, Clr-m20 Firmware | 2024-08-05 | N/A |
CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Because of the WebDAV feature, it is possible to upload arbitrary files by utilizing the PUT method. |