Total: 2765 CVEs

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2012-2950 | 2 Gatewaygeomatics, Microsoft | 2 Mapserver, Windows | 2020-01-22 | 9.3 HIGH | 8.1 HIGH | Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information.
CVE-2011-2933 | 1 Websitebaker | 1 Websitebaker | 2020-01-21 | 6.5 MEDIUM | 7.2 HIGH | An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions.
CVE-2020-5846 | 1 Ahsay | 1 Cloud Backup Suite | 2020-01-17 | 4.0 MEDIUM | 8.8 HIGH | An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full system access as the configured user (e.g., Administrator) when starting from any authenticated session (e.g., a trial account). This is fixed in the 83/830122/cbs-*-hotfix-task26000 builds.
CVE-2015-4553 | 1 Dedecms | 1 Dedecms | 2020-01-15 | 6.5 MEDIUM | 8.8 HIGH | A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users to obtain a shell (getshell).
CVE-2014-8337 | 1 Helpdezk | 1 Helpdezk | 2020-01-15 | 7.5 HIGH | 9.8 CRITICAL | Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the folder parameter.
CVE-2014-8516 | 1 Cloudfastpath | 1 Netcharts Server | 2020-01-15 | 10.0 HIGH | 9.8 CRITICAL | Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
CVE-2012-2226 | 1 Invisioncommunity | 1 Invision Power Board | 2020-01-14 | 7.5 HIGH | 9.8 CRITICAL | Invision Power Board before 3.3.1 fails to sanitize user-supplied input, which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file.
CVE-2014-3448 | 1 Bss Continuity Cms Project | 1 Bss Continuity Cms | 2020-01-14 | 7.5 HIGH | 9.8 CRITICAL | BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file upload.
CVE-2015-5951 | 1 Thomsonreuters | 1 Fatca | 2020-01-10 | 9.0 HIGH | 9.9 CRITICAL | A file upload issue exists in the specid parameter in Thomson Reuters FATCA before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands.
CVE-2020-5514 | 1 Gilacms | 1 Gila Cms | 2020-01-09 | 9.0 HIGH | 9.1 CRITICAL | Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI.
CVE-2019-20048 | 1 Al-enterprise | 1 Omnivista 8770 | 2020-01-07 | 9.0 HIGH | 7.2 HIGH | An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP file to achieve Remote Code Execution as SYSTEM.
CVE-2015-5601 | 1 Edx | 1 Edx-platform | 2020-01-07 | 6.5 MEDIUM | 8.8 HIGH | edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.
CVE-2013-4796 | 1 Reviewboard | 1 Reviewboard | 2020-01-07 | 6.5 MEDIUM | 8.8 HIGH | ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to a review request.
CVE-2019-16790 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2020-01-07 | 6.5 MEDIUM | 8.8 HIGH | In Tiny File Manager before 2.3.9, there is remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted.
CVE-2019-8293 | 1 Abcprintf | 1 Upload-image-with-ajax | 2020-01-02 | 7.5 HIGH | 9.8 CRITICAL | Due to a logic error in the code, upload-image-with-ajax v1.0 allows arbitrary files to be uploaded to the web root, allowing code execution.
CVE-2019-19745 | 1 Contao | 1 Contao | 2019-12-18 | 6.5 MEDIUM | 8.8 HIGH | Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server.
CVE-2019-11216 | 1 Bmc | 1 Remedy Smart Reporting | 2019-12-13 | 5.5 MEDIUM | 6.5 MEDIUM | BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed.
CVE-2019-15936 | 1 Intesync | 1 Solismed | 2019-12-13 | 7.5 HIGH | 9.8 CRITICAL | Intesync Solismed 3.3sp allows Insecure File Upload.
CVE-2019-19468 | 1 10-strike | 1 Free Photo Viewer | 2019-12-13 | 6.8 MEDIUM | 7.8 HIGH | Free Photo Viewer 1.3 allows remote attackers to execute arbitrary code via a crafted BMP and/or TIFF file that triggers a malformed SEH, as demonstrated by a 0012ECB4 FreePhot.00425642 42200008 corrupt entry.
CVE-2017-1002008 | 1 Membership Simplified Project | 1 Membership Simplified | 2019-12-11 | 7.5 HIGH | 9.8 CRITICAL | Vulnerability in the WordPress plugin membership-simplified-for-oap-members-only v1.58: the file download code located in membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.