CWE:
 

| Risk | Topic | Date | Author |
|------|-------|------|--------|
| Med. | WordPress Ultimate-Member Plugins 2.0.38 CSRF Backdoor Access | 04.02.2019 | KingSkrupellos |
| Med. | WordPress MM-Forms-Community Plugins 2.2.7 Backdoor Access and SQL Injection Vulnerability | 27.01.2019 | KingSkrupellos |
| Med. | WordPress pitajte-strucnjaka Plugins 4.9.6 Backdoor Access Vulnerability | 27.01.2019 | KingSkrupellos |
| Med. | WordPress category-page-icons Plugins 3.6.1 CSRF Backdoor Access Vulnerability | 18.01.2019 | KingSkrupellos |
| High | Joomla Codextrous Com_B2jcontact Components 2.1.17 Shell Upload Vulnerability | 09.01.2019 | KingSkrupellos |
| Med. | Design & Developed by SoftBd Ltd. Bangladesh Education Portals Multiple Vulnerabilities | 04.09.2018 | KingSkrupellos |
| Med. | ShopNx - Angular5 Single Page Shopping Cart Application 1 - Arbitrary File Upload | 18.06.2018 | L0RD |
| Med. | Gardenoma Remote File Upload Vulnerability | 11.06.2018 | Mr.T959 |
| Med. | WordPress Theme Sydney by aThemes 2018 GravityForms Input Remote File Upload Vulnerability | 08.06.2018 | KingSkrupellos |
| Med. | LifeRay (Fckeditor) Arbitrary File Upload Vulnerability | 06.05.2018 | Mostafa Gharzi |
| High | phpCollab 2.5.1 Arbitrary File Upload | 03.10.2017 | Sysdream |
| High | PhpCollab 2.5.1 Shell Upload | 30.09.2017 | SYSDREAM |
| High | Nuxeo Platform 6.x / 7.x Shell Upload | 24.03.2017 | SYSDREAM Labs |
| High | Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Remote Root | 18.02.2017 | Matt Bergin (@thatguyl... |
| Med. | Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Arbitrary File Write | 18.02.2017 | Matt Bergin |
| High | Cisco Firepower Threat Management Command Execution | 06.10.2016 | Matt Bergin |
| High | WordPress Daily Edition 1.6.2 File Upload | 10.03.2015 | Wang Jing |
| High | Intrexx Professional 6.0 / 5.2 Remote Code Execution | 16.12.2014 | Christian Schneider |
| High | HelpDEZk 1.0.1 Unrestricted File Upload | 06.11.2014 | High-Tech Bridge Secur... |
| High | WordPress E-Commerce 3.8.9.5 File Upload / XSS / CSRF / Code Execution | 24.01.2014 | KedAns-Dz |
| High | DMXReady Registration Manager Arbitrary File Upload Vulnerability | 30.06.2009 | Securitylab |


CVEMAP Search Results

Date: 2019-02-10

CVE-2019-7721 (Medium)
Vendor: Nconsulting
Software: Nc-cms
Description: lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters.

Date: 2019-01-15

CVE-2019-0017 (Medium)
Vendor: Juniper
Software: Junos space
Description: The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.

Date: 2019-01-14

CVE-2018-1969 (Medium)
Vendor: IBM
Software: Security ide...
Description: IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 153750.

Date: 2019-01-09

CVE-2018-16169 (Medium)
Vendor: Cybozu
Software: Remote servi...
Description: Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated attackers to upload and execute a Java code file on the server via unspecified vectors.

Date: 2019-01-04

CVE-2019-5009 (Medium)
Vendor: Vtiger
Software: CRM
Description: Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "<? ?>" tags, as demonstrated by a CompanyDetailsSave action. This bypasses the bad-file-extensions protection mechanism. It is related to actions/CompanyDetailsSave.php, actions/UpdateCompanyLogo.php, and models/CompanyDetails.php.

Date: 2019-01-02

CVE-2018-20166 (Medium)
Vendor: Rukovoditel
Software: Rukovoditel
Description: A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows the user to upload a background image, and mishandles extension checking. It accepts uploads of PHP content if the first few characters match GIF data, and the filename ends in ".php" with mixed case, such as the .pHp extension.

Date: 2018-12-28

CVE-2018-15333 (Low)
Vendor: F5
Software: Big-ip acces...
Description: On versions 11.2.1 and greater, unrestricted Snapshot File Access allows a BIG-IP system user with any role, including Guest Role, to access and download previously generated and available snapshot files on the BIG-IP configuration utility such as QKView and TCPDumps.

CVE-2018-5204 (Medium)
Description: ML Report versions between 2.00.000.0000 and 2.18.628.5980 contain a vulnerability that could allow a remote attacker to download and execute a remote arbitrary file by setting the arguments to the ActiveX method. This can be leveraged for code execution.

Date: 2018-12-24

CVE-2018-7836 (Medium)
Vendor: Schneider-electric
Software: Iiot monitor
Description: An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow upload and execution of malicious files.

Date: 2018-12-20

CVE-2018-1000839 (Medium)
Vendor: Librehealth
Software: Librehealth ehr
Description: LH-EHR version REL-2_0_0 contains an Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appears to be exploitable via uploading a PHP file with image MIME type.

 

 


Copyright 2019, cxsecurity.com

 
