Filtered by CWE-434
Total 2498 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-9209 1 Fineuploader 1 Php-traditional-server 2024-08-05 N/A
Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2
CVE-2018-9206 1 Jquery File Upload Project 1 Jquery File Upload 2024-08-05 9.8 Critical
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
CVE-2018-9153 1 Zblogcn 1 Z-blogphp 2024-08-05 N/A
The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the app_id parameter to zb_users/plugin/AppCentre/plugin_edit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. The component must be accessed directly by an administrator, or through CSRF.
CVE-2018-7567 1 Otrs 1 Otrs 2024-08-05 N/A
In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation. NOTE: the vendor disputes this issue stating "the behaviour is as designed and needed for different packages to be installed", "there is a security warning if the package is not verified by OTRS Group", and "there is the possibility and responsibility of an admin to check packages before installation which is possible as they are not binary."
CVE-2018-9037 1 Monstra 1 Monstra 2024-08-05 N/A
Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file, which is automatically extracted and may contain .php files.
CVE-2018-8766 1 Joyplus-cms Project 1 Joyplus-cms 2024-08-05 N/A
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/admin_vod.php?action=add.
CVE-2018-7836 1 Schneider-electric 1 Iiot Monitor 2024-08-05 N/A
An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow upload and execution of malicious files.
CVE-2018-7665 1 Clip-bucket 1 Clipbucket 2024-08-05 N/A
An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php.
CVE-2018-7562 1 Glpi-project 1 Glpi 2024-08-05 N/A
A remote code execution issue was discovered in GLPI through 9.2.1. There is a race condition that allows temporary access to an uploaded executable file that will be disallowed. The application allows an authenticated user to upload a file when he/she creates a new ticket via front/fileupload.php. This feature is protected using different types of security features like the check on the file's extension. However, the application uploads and creates a file, though this file is not allowed, and then deletes the file in the uploadFiles method in inc/glpiuploaderhandler.class.php.
CVE-2018-7316 1 Christianwebministries 1 Proclaim 2024-08-05 N/A
Arbitrary File Upload exists in the Proclaim 9.1.1 component for Joomla! via a mediafileform action.
CVE-2018-7217 1 Tejari 1 Bravo Solution 2024-08-05 N/A
In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side. An attacker can take advantage of this vulnerability and upload malicious executable files to compromise the application, as demonstrated by an esop/evm/OPPreliminaryForms.do?formId=857 request.
CVE-2018-6860 1 Schools Alert Management Script Project 1 Schools Alert Management Script 2024-08-05 8.8 High
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script 2.0.2 via a profile picture.
CVE-2018-6580 1 Janguo 1 Jimtawl 2024-08-05 N/A
Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&task=upload&pop=true&tmpl=component request.
CVE-2018-6411 1 Machform 1 Machform 2024-08-05 N/A
An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.
CVE-2018-6152 3 Debian, Google, Redhat 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more 2024-08-05 N/A
The implementation of the Page.downloadBehavior backend in Google Chrome prior to 66.0.3359.117 unconditionally marked downloaded files as safe, regardless of file type, which allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction.
CVE-2018-5997 1 Ravpower 1 Filehub Firmware 2024-08-05 N/A
An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root.
CVE-2018-5749 2 Minecraft Servers List Lite Project, Premium Minecraft Servers List Project 2 Minecraft Servers List Lite, Premium Minecraft Servers List 2024-08-05 N/A
install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary PHP code via the (1) database_server, (2) database_user, (3) database_password, or (4) database_name parameter.
CVE-2018-5724 1 Barni 2 Master Ip Camera01, Master Ip Camera01 Firmware 2024-08-05 N/A
MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Download and Upload, as demonstrated by restore.cgi.
CVE-2018-5204 1 Infraware-global 1 Ml Report 2024-08-05 N/A
ML Report versions between 2.00.000.0000 and 2.18.628.5980 contain a vulnerability that could allow a remote attacker to download and execute a remote arbitrary file by setting the arguments to the ActiveX method. This can be leveraged for code execution.
CVE-2018-4921 1 Adobe 1 Connect 2024-08-05 N/A
Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability. Successful exploitation could lead to information disclosure.