CWE:
 

| Risk | Topic | Date | Author |
|------|-------|------|--------|
| High | phpCollab 2.5.1 Arbitrary File Upload | 03.10.2017 | Sysdream |
| High | PhpCollab 2.5.1 Shell Upload | 30.09.2017 | SYSDREAM |
| High | Nuxeo Platform 6.x / 7.x Shell Upload | 24.03.2017 | SYSDREAM Labs |
| High | Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Remote Root | 18.02.2017 | Matt Bergin (@thatguyl... |
| Med. | Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Arbitrary File Write | 18.02.2017 | Matt Bergin |
| High | Cisco Firepower Threat Management Command Execution | 06.10.2016 | Matt Bergin |
| High | WordPress Daily Edition 1.6.2 File Upload | 10.03.2015 | Wang Jing |
| High | Intrexx Professional 6.0 / 5.2 Remote Code Execution | 16.12.2014 | Christian Schneider |
| High | HelpDEZk 1.0.1 Unrestricted File Upload | 06.11.2014 | High-Tech Bridge Secur... |
| High | WordPress E-Commerce 3.8.9.5 File Upload / XSS / CSRF / Code Execution | 24.01.2014 | KedAns-Dz |
| High | DMXReady Registration Manager Arbitrary File Upload Vulnerability | 30.06.2009 | Securitylab |


CVEMAP Search Results

| Date | Risk | CVE | Vendor | Software | Description |
|------|------|-----|--------|----------|-------------|
| 2018-03-22 | Medium | CVE-2018-8944 | Phpok | Phpok | PHPOK 4.8.338 has an arbitrary file upload vulnerability. |
| | Medium | CVE-2014-4912 | Frog cms project | Frog cms | An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation. |
| 2018-03-18 | Medium | CVE-2018-8766 | Joyplus-cms project | Joyplus-cms | joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/admin_vod.php?action=add. |
| 2018-03-13 | High | CVE-2017-16251 | Mitel | St14.2 | A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of the application. |
| 2018-03-12 | Medium | CVE-2018-1000094 | Cmsmadesimple | Cms made simple | CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can allow an authenticated admin who has access to the file manager to execute code on the server. This attack appears to be exploitable via File upload -> copy to any extension. |
| | Medium | CVE-2018-7562 | Glpi-project | GLPI | A remote code execution issue was discovered in GLPI through 9.2.1. There is a race condition that allows temporary access to an uploaded executable file that will be disallowed. The application allows an authenticated user to upload a file when he/she creates a new ticket via front/fileupload.php. This feature is protected using different types of security features like the check on the file's extension. However, the application uploads and creates a file, though this file is not allowed, and then deletes the file in the uploadFiles method in inc/glpiuploaderhandler.class.php. |
| 2018-03-09 | Medium | CVE-2014-2592 | Arubanetworks | Web manageme... | Unrestricted file upload vulnerability in Aruba Web Management portal allows remote attackers to execute arbitrary code by uploading a file with an executable extension. |
| 2018-03-08 | High | CVE-2018-1215 | DELL | Emc vmax emb... | An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). A remote authenticated malicious user may potentially upload arbitrary maliciously crafted files in any location on the web server. By chaining this vulnerability with CVE-2018-1216, the attacker may use the default account to exploit this vulnerability. |
| 2018-03-06 | Medium | CVE-2016-7443 | Exponentcms | Exponent cms | Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location." |
| 2018-03-05 | High | CVE-2018-7665 | Clip-bucket | Clipbucket | An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php. |

 

 


Copyright 2018, cxsecurity.com

 
