Total
2498 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-17403 | 1 Nokia | 1 Impact | 2024-08-05 | 8.8 High |
| Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was found that may lead to Remote Code Execution. | ||||
| CVE-2019-17352 | 1 Jfinal | 1 Jfinal | 2024-08-05 | 7.5 High |
| In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions. | ||||
| CVE-2019-17325 | 1 Clipsoft | 1 Rexpert | 2024-08-05 | 6.5 Medium |
| ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker to upload arbitrary local file via the ActiveX method in RexViewerCtrl30.ocx. That could lead to disclosure of sensitive information. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. | ||||
| CVE-2019-17188 | 1 Fecmall | 1 Fecmall | 2024-08-05 | 7.2 High |
| An unrestricted file upload vulnerability was discovered in catalog/productinfo/imageupload in Fecshop FecMall 2.3.4. An attacker can bypass a front-end restriction and upload PHP code to the webserver, by providing image data and the image/jpeg content type, with a .php extension. This occurs because the code relies on the getimagesize function. | ||||
| CVE-2019-17046 | 1 Ilch | 1 Ilch Cms | 2024-08-05 | 7.2 High |
| Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page. | ||||
| CVE-2019-17058 | 1 Footy | 1 Tipping Software | 2024-08-05 | 9.1 Critical |
| Footy Tipping Software AFL Web Edition 2019 allows arbitrary file upload and resultant remote code execution because a whitelist can be bypassed by an Administrator who uploads a crafted upload.dat file. | ||||
| CVE-2019-16790 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2024-08-05 | 6.5 Medium |
| In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted. | ||||
| CVE-2019-16720 | 1 Zzzcms | 1 Zzzphp | 2024-08-05 | 7.5 High |
| ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file. | ||||
| CVE-2019-16700 | 1 Slub-dresden | 1 Slub Events | 2024-08-05 | 9.8 Critical |
| The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Execution. In versions later than 1.2.2, this can result in Denial of Service, since the web space can be filled up with arbitrary files. | ||||
| CVE-2019-16530 | 1 Sonatype | 2 Nexus Iq Server, Nexus Repository Manager | 2024-08-05 | 7.2 High |
| Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution. | ||||
| CVE-2019-16514 | 1 Connectwise | 1 Control | 2024-08-05 | 7.2 High |
| An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server. | ||||
| CVE-2019-16318 | 1 Pimcore | 1 Pimcore | 2024-08-05 | 8.8 High |
| In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317. | ||||
| CVE-2019-16192 | 1 Doccms | 1 Doccms | 2024-08-05 | 9.8 Critical |
| upload_model() in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allow remote attackers to execute arbitrary PHP code through module management files, as demonstrated by a .php file in a ZIP archive. | ||||
| CVE-2019-16131 | 1 Phpok | 1 Oklite | 2024-08-05 | 8.8 High |
| framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/. | ||||
| CVE-2019-16066 | 1 Netsas | 1 Enigma Network Management Solution | 2024-08-05 | 8.8 High |
| An unrestricted file upload vulnerability exists in user and system file upload functions in NETSAS Enigma NMS 65.0.0 and prior. This allows an attacker to upload malicious files and perform arbitrary code execution on the system. | ||||
| CVE-2019-15936 | 1 Intesync | 1 Solismed | 2024-08-05 | 9.8 Critical |
| Intesync Solismed 3.3sp allows Insecure File Upload. | ||||
| CVE-2019-15866 | 1 Crelly Slider Project | 1 Crelly Slider | 2024-08-05 | N/A |
| The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider. | ||||
| CVE-2019-15862 | 1 Cksource | 1 Ckfinder | 2024-08-05 | 7.5 High |
| An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote attackers to upload files without any extension (even if the application was configured to accept files only with a defined set of extensions). This affects CKFinder for ASP, CKFinder for ASP.NET, CKFinder for ColdFusion, and CKFinder for PHP. | ||||
| CVE-2019-15813 | 1 Sentrifugo | 1 Sentrifugo | 2024-08-05 | 8.8 High |
| Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell. | ||||
| CVE-2019-15843 | 1 Mi | 1 Xiaomi Millet Firmware | 2024-08-05 | 7.4 High |
| A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. A particular condition involving a man-in-the-middle attack may lead to partial data leakage or malicious file writing. | ||||