Total
2765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-13156 | 1 Google | 1 Android | 2019-11-07 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847. | |||||
| CVE-2019-8093 | 1 Magento | 1 Magento | 2019-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage file upload controller for downloadable products to read/delete an arbitary files. | |||||
| CVE-2019-8114 | 1 Magento | 1 Magento | 2019-11-07 | 6.5 MEDIUM | 7.2 HIGH |
| A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to import features can execute arbitrary code via crafted configuration archive file upload. | |||||
| CVE-2018-18930 | 1 Trms | 1 Carousel Digital Signage | 2019-11-05 | 6.5 MEDIUM | 8.8 HIGH |
| The Tightrope Media Carousel digital signage product 7.0.4.104 contains an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. An authenticated attacker can upload a crafted ZIP file (based on an exported backup of existing "Bulletins") containing a malicious file. When uploaded, the system only checks for the presence of the needed files within the ZIP and, as long as the malicious file is named properly, will extract all contained files to a new directory on the system, named with a random GUID. The attacker can determine this GUID by previewing an image from the uploaded Bulletin within the web UI. Once the GUID is determined, the attacker can navigate to the malicious file and execute it. In testing, an ASPX web shell was uploaded, allowing for remote-code execution in the context of a restricted IIS user. | |||||
| CVE-2010-3663 | 1 Typo3 | 1 Typo3 | 2019-11-05 | 6.5 MEDIUM | 8.8 HIGH |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend. | |||||
| CVE-2019-17325 | 1 Clipsoft | 1 Rexpert | 2019-11-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker to upload arbitrary local file via the ActiveX method in RexViewerCtrl30.ocx. That could lead to disclosure of sensitive information. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. | |||||
| CVE-2019-18204 | 1 Zucchetti | 1 Infobusiness | 2019-11-01 | 6.5 MEDIUM | 8.8 HIGH |
| Zucchetti InfoBusiness before and including 4.4.1 allows any authenticated user to upload .php files in order to achieve code execution. | |||||
| CVE-2019-16700 | 1 Slub-dresden | 1 Slub Events | 2019-10-31 | 7.5 HIGH | 9.8 CRITICAL |
| The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Execution. In versions later than 1.2.2, this can result in Denial of Service, since the web space can be filled up with arbitrary files. | |||||
| CVE-2019-18417 | 1 Sourcecodester | 1 Restaurant Management System | 2019-10-28 | 6.5 MEDIUM | 8.8 HIGH |
| Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files. | |||||
| CVE-2019-14451 | 1 Repetier-server | 1 Repetier-server | 2019-10-28 | 10.0 HIGH | 9.8 CRITICAL |
| RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart. | |||||
| CVE-2015-9499 | 1 Themepunch | 1 Showbiz Pro | 2019-10-28 | 7.5 HIGH | 9.8 CRITICAL |
| The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive. | |||||
| CVE-2019-5009 | 1 Vtiger | 1 Vtiger Crm | 2019-10-24 | 6.5 MEDIUM | 7.2 HIGH |
| Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "<? ?>" tags, as demonstrated by a CompanyDetailsSave action. This bypasses the bad-file-extensions protection mechanism. It is related to actions/CompanyDetailsSave.php, actions/UpdateCompanyLogo.php, and models/CompanyDetails.php. | |||||
| CVE-2019-16530 | 1 Sonatype | 2 Nexus Iq Server, Nexus Repository Manager | 2019-10-22 | 9.0 HIGH | 7.2 HIGH |
| Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution. | |||||
| CVE-2019-14657 | 1 Yeahlink | 6 T49g, T49g Firmware, T58v and 3 more | 2019-10-18 | 9.0 HIGH | 8.8 HIGH |
| Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitrary code execution as root. | |||||
| CVE-2019-17536 | 1 Gilacms | 1 Gila Cms | 2019-10-17 | 4.0 MEDIUM | 4.9 MEDIUM |
| Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move. | |||||
| CVE-2019-14656 | 1 Yeahlink | 6 T49g, T49g Firmware, T58v and 3 more | 2019-10-17 | 9.0 HIGH | 8.8 HIGH |
| Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via HTTP. | |||||
| CVE-2015-9479 | 1 Advancedcustomfields | 1 Acf Fronted Display | 2019-10-17 | 7.5 HIGH | 9.8 CRITICAL |
| The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php. | |||||
| CVE-2019-17490 | 1 Jnoj | 1 Jiangnan Online Judge | 2019-10-16 | 6.5 MEDIUM | 8.8 HIGH |
| app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content type) to the web/polygon/problem/tests URI. | |||||
| CVE-2019-17352 | 1 Jfinal | 1 Jfinal | 2019-10-15 | 5.0 MEDIUM | 7.5 HIGH |
| In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions. | |||||
| CVE-2018-21024 | 1 Centreon | 1 Centreon | 2019-10-15 | 7.5 HIGH | 9.8 CRITICAL |
| licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request. | |||||