Severity | Topic | Date | Author
---------|-------|------|-------
Med. | WordPress Ultimate-Member Plugins 2.0.38 CSRF Backdoor Access | 04.02.2019 | KingSkrupellos
Med. | WordPress MM-Forms-Community Plugins 2.2.7 Backdoor Access and SQL Injection Vulnerability | 27.01.2019 | KingSkrupellos
Med. | WordPress pitajte-strucnjaka Plugins 4.9.6 Backdoor Access Vulnerability | 27.01.2019 | KingSkrupellos
Med. | WordPress category-page-icons Plugins 3.6.1 CSRF Backdoor Access Vulnerability | 18.01.2019 | KingSkrupellos
High | Joomla Codextrous Com_B2jcontact Components 2.1.17 Shell Upload Vulnerability | 09.01.2019 | KingSkrupellos
Med. | Design & Developed by SoftBd Ltd. Bangladesh Education Portals Multiple Vulnerabilities | 04.09.2018 | KingSkrupellos
Med. | ShopNx - Angular5 Single Page Shopping Cart Application 1 - Arbitrary File Upload | 18.06.2018 | L0RD
Med. | Gardenoma Remote File Upload Vulnerability | 11.06.2018 | Mr.T959
Med. | WordPress Theme Sydney by aThemes 2018 GravityForms Input Remote File Upload Vulnerability | 08.06.2018 | KingSkrupellos
Med. | LifeRay (Fckeditor) Arbitrary File Upload Vulnerability | 06.05.2018 | Mostafa Gharzi
High | phpCollab 2.5.1 Arbitrary File Upload | 03.10.2017 | Sysdream
High | PhpCollab 2.5.1 Shell Upload | 30.09.2017 | SYSDREAM
High | Nuxeo Platform 6.x / 7.x Shell Upload | 24.03.2017 | SYSDREAM Labs
High | Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Remote Root | 18.02.2017 | Matt Bergin (@thatguyl...
Med. | Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Arbitrary File Write | 18.02.2017 | Matt Bergin
High | Cisco Firepower Threat Management Command Execution | 06.10.2016 | Matt Bergin
High | WordPress Daily Edition 1.6.2 File Upload | 10.03.2015 | Wang Jing
High | Intrexx Professional 6.0 / 5.2 Remote Code Execution | 16.12.2014 | Christian Schneider
High | HelpDEZk 1.0.1 Unrestricted File Upload | 06.11.2014 | High-Tech Bridge Secur...
High | WordPress E-Commerce 3.8.9.5 File Upload / XSS / CSRF / Code Execution | 24.01.2014 | KedAns-Dz
High | DMXReady Registration Manager Arbitrary File Upload Vulnerability | 30.06.2009 | Securitylab


CVEMAP Search Results

Each entry lists: date | severity | CVE | vendor / software, followed by the CVE description.

2019-02-18 | Medium | CVE-2019-8933 | Vendor: Dedecms | Software: Dedecms
In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on New Template, and modifying the filename from ../index.html to ../index.php.

2019-02-17 | Medium | CVE-2019-8433 | Vendor: JTBC | Software: Jtbc php
JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/console/file/manage.php?type=list URI, as demonstrated by a .php file.

2019-02-16 | Low | CVE-2019-8394 | Vendor / Software: Updating...
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.

(date not listed) | Medium | CVE-2019-8362 | Vendor: Dedecms | Software: Dedecms
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as "1.jpg.php" (because input validation only checks that .jpg, .png, or .gif is present as a substring, and does not otherwise check the file name or content).

2019-02-15 | Medium | CVE-2019-0259 | Vendor: SAP | Software: Businessobjects
SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation.

2019-02-10 | Medium | CVE-2019-7721 | Vendor: Nconsulting | Software: Nc-cms
lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters.

2019-02-09 | High | CVE-2019-7684 | Vendor: Inxedu | Software: Inxedu
inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file. The vulnerable code location is com.inxedu.os.common.controller.VideoUploadController#gok4 (com/inxedu/os/common/controller/VideoUploadController.java). The attacker uses the /video/uploadvideo fileType parameter to change the list of acceptable extensions from jpg,gif,png,jpeg to jpg,gif,png,jsp,jpeg.

2019-02-07 | Medium | CVE-2019-6139 | Vendor: Forcepoint | Software: User id
Forcepoint User ID (FUID) server versions up to 1.2 have a remote arbitrary file upload vulnerability on TCP port 5001. Successful exploitation of this vulnerability may lead to remote code execution. To fix this vulnerability, upgrade to FUID version 1.3 or higher. To prevent the vulnerability on FUID versions 1.2 and below, apply local firewall rules on the FUID server to disable all external access to port TCP/5001. FUID requires this port only for local connections through the loopback interface.

2019-01-15 | Medium | CVE-2019-0017 | Vendor: Juniper | Software: Junos space
The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.

2019-01-14 | Medium | CVE-2018-1969 | Vendor: IBM | Software: Security ide...
IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 153750.

Copyright 2019, cxsecurity.com