Total
2498 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-4063 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2024-08-05 | N/A |
| An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2018-3814 | 1 Craftcms | 1 Craft Cms | 2024-08-05 | N/A |
| Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the "Assets->Upload files" screen and then the "Replace it" option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension. | ||||
| CVE-2018-2420 | 1 Sap | 1 Internet Graphics Server | 2024-08-05 | N/A |
| SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation. | ||||
| CVE-2018-2404 | 1 Sap | 1 Disclosure Management | 2024-08-05 | N/A |
| SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation. | ||||
| CVE-2018-1215 | 1 Dell | 4 Emc Solutions Enabler Virtual Appliance, Emc Unisphere For Vmax Virtual Appliance, Emc Vasa Virtual Appliance and 1 more | 2024-08-05 | N/A |
| An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). A remote authenticated malicious user may potentially upload arbitrary maliciously crafted files in any location on the web server. By chaining this vulnerability with CVE-2018-1216, the attacker may use the default account to exploit this vulnerability. | ||||
| CVE-2018-0686 | 1 Neo | 2 Debun Imap, Debun Pop | 2024-08-05 | N/A |
| Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote authenticated attackers to upload and execute any executable files via unspecified vectors. | ||||
| CVE-2018-0645 | 1 Bit-part | 1 Mtappjquery | 2024-08-05 | N/A |
| MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors. | ||||
| CVE-2018-0568 | 1 Sitebridge | 1 Joruri Gw | 2024-08-05 | N/A |
| Unrestricted file upload vulnerability in SiteBridge Inc. Joruri Gw Ver 3.2.0 and earlier allows remote authenticated users to execute arbitrary PHP code via unspecified vectors. | ||||
| CVE-2018-0587 | 1 Ultimatemember | 1 User Profile \& Membership | 2024-08-05 | N/A |
| Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors. | ||||
| CVE-2018-0571 | 1 Basercms | 1 Basercms | 2024-08-05 | N/A |
| baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files. | ||||
| CVE-2018-0258 | 1 Cisco | 2 Prime Data Center Network Manager, Prime Infrastructure | 2024-08-05 | N/A |
| A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later, and Cisco Prime Infrastructure (PI) All versions. Cisco Bug IDs: CSCvf32411, CSCvf81727. | ||||
| CVE-2019-1010209 | 1 Gorul | 1 Gourl | 2024-08-05 | N/A |
| GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE-434. The impact is: unauthenticated/unzuthorized Attacker can upload executable file in website. The component is: gourl.php#L5637. The fixed version is: 1.4.14. | ||||
| CVE-2019-1010123 | 1 Modx | 1 Modx Revolution | 2024-08-05 | N/A |
| MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creating file with custom a filename and content. The component is: Filtering user parameters before passing them into phpthumb class. The attack vector is: web request via /assets/components/gallery/connector.php. | ||||
| CVE-2019-1010062 | 1 Pluck-cms | 1 Pluckcms | 2024-08-05 | N/A |
| PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. The impact is: get webshell. The component is: data/inc/images.php line36. The attack vector is: modify the MIME TYPE on HTTP request to upload a php file. The fixed version is: after commit 09f0ab871bf633973cfd9fc4fe59d4a912397cf8. | ||||
| CVE-2019-25138 | 1 Plugin-planet | 1 User Submitted Posts | 2024-08-05 | 9.8 Critical |
| The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions up to, and including, 20190312. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. | ||||
| CVE-2019-20451 | 1 Samsung | 2 Prismview Player 11, Prismview System 9 | 2024-08-05 | 9.8 Critical |
| The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. (Authentication is required but an XML file containing credentials can be downloaded.) | ||||
| CVE-2019-20385 | 1 Logaritmo | 1 Aware Callmanager | 2024-08-05 | 8.8 High |
| The CSV upload feature in /supervisor/procesa_carga.php on Logaritmo Aware CallManager 2012 devices allows upload of .php files with a text/* content type. The PHP code can then be executed by visiting a /supervisor/csv/ URI. | ||||
| CVE-2019-20183 | 1 Employee Records System Project | 1 Employee Records System | 2024-08-05 | 7.2 High |
| uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension. | ||||
| CVE-2019-20048 | 1 Al-enterprise | 1 Omnivista 8770 | 2024-08-05 | 7.2 High |
| An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP file to achieve Remote Code Execution as SYSTEM. | ||||
| CVE-2019-19925 | 8 Debian, Netapp, Opensuse and 5 more | 14 Debian Linux, Cloud Backup, Backports Sle and 11 more | 2024-08-05 | 7.5 High |
| zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. | ||||