CWE:
 

| Risk | Topic | Date | Author |
|------|-------|------|--------|
| Med. | ShopNx - Angular5 Single Page Shopping Cart Application 1 - Arbitrary File Upload | 18.06.2018 | L0RD |
| Med. | Gardenoma Remote File Upload Vulnerability | 11.06.2018 | Mr.T959 |
| Med. | WordPress Theme Sydney by aThemes 2018 GravityForms Input Remote File Upload Vulnerability | 08.06.2018 | KingSkrupellos |
| Med. | LifeRay (Fckeditor) Arbitrary File Upload Vulnerability | 06.05.2018 | Mostafa Gharzi |
| High | phpCollab 2.5.1 Arbitrary File Upload | 03.10.2017 | Sysdream |
| High | PhpCollab 2.5.1 Shell Upload | 30.09.2017 | SYSDREAM |
| High | Nuxeo Platform 6.x / 7.x Shell Upload | 24.03.2017 | SYSDREAM Labs |
| High | Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Remote Root | 18.02.2017 | Matt Bergin (@thatguyl... |
| Med. | Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Arbitrary File Write | 18.02.2017 | Matt Bergin |
| High | Cisco Firepower Threat Management Command Execution | 06.10.2016 | Matt Bergin |
| High | WordPress Daily Edition 1.6.2 File Upload | 10.03.2015 | Wang Jing |
| High | Intrexx Professional 6.0 / 5.2 Remote Code Execution | 16.12.2014 | Christian Schneider |
| High | HelpDEZk 1.0.1 Unrestricted File Upload | 06.11.2014 | High-Tech Bridge Secur... |
| High | WordPress E-Commerce 3.8.9.5 File Upload / XSS / CSRF / Code Execution | 24.01.2014 | KedAns-Dz |
| High | DMXReady Registration Manager Arbitrary File Upload Vulnerability | 30.06.2009 | Securitylab |


CVEMAP Search Results

| Date | Risk | CVE | Details | Description |
|------|------|-----|---------|-------------|
| 2018-06-29 | High | CVE-2018-13021 | Vendor: Hongcms project; Software: Hongcms | An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI. |
| 2018-06-27 | Medium | CVE-2018-12914 | Vendor: Publiccms; Software: Publiccms | A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI. |
| 2018-06-26 | Medium | CVE-2018-1000544 | Vendor: Rubyzip project; Software: Rubyzip | The rubyzip gem, version 1.2.1 and earlier, contains a Directory Traversal vulnerability in the Zip::File component that can result in writing arbitrary files to the filesystem. This attack appears to be exploitable if a site allows uploading of .zip files: an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem. |
|  | Low | CVE-2018-0571 | Vendor: Basercms; Software: Basercms | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files. |
| 2018-06-19 | Low | CVE-2018-12519 | Vendor: Codenx; Software: Shopnx | An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials. |
| 2018-06-15 | Medium | CVE-2018-12491 | Vendor: Phpok; Software: Phpok | PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar issue to CVE-2018-8944. |
|  | Medium | CVE-2018-11221 | Vendor: Artica; Software: Pandora fms | Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system. |
| 2018-06-13 | Medium | CVE-2011-4183 | Vendor: Opensuse; Software: Open build s... | A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16. |
|  | Medium | CVE-2018-12263 | Vendor: Portfoliocms project; Software: Portfoliocms | portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI. |
| 2018-06-08 | Medium | CVE-2018-1453 | Vendor: IBM; Software: Security ide... | IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. IBM X-Force ID: 140055. |

 

 


Copyright 2018, cxsecurity.com

 
