EwebTonic Services Pvt Ltd Software Authentication Bypass Backdoor Access Vulnerability
Giribala Creative Ventures Fluent Technology Software Authentication Bypass Backdoor Access Vulnerability
BKS EBK Ethernet-Buskoppler Pro Shell Upload
Sierra Wireless AirLink ES450 ACEManager upload.cgi Remote Code Execution
WordPress Ultimate-Member Plugins 2.0.38 CSRF Backdoor Access
WordPress MM-Forms-Community Plugins 2.2.7 Backdoor Access and SQL Injection Vulnerability
WordPress pitajte-strucnjaka Plugins 4.9.6 Backdoor Access Vulnerability
WordPress category-page-icons Plugins 3.6.1 CSRF Backdoor Access Vulnerability
Joomla Codextrous Com_B2jcontact Components 2.1.17 Shell Upload Vulnerability
Design & Developed by SoftBd Ltd. Bangladesh Education Portals Multiple Vulnerabilities
ShopNx - Angular5 Single Page Shopping Cart Application 1 - Arbitrary File Upload
Gardenoma Remote File Upload Vulnerability
WordPress Theme Sydney by aThemes 2018 GravityForms Input Remote File Upload Vulnerability
LifeRay (Fckeditor) Arbitrary File Upload Vulnerability
phpCollab 2.5.1 Arbitrary File Upload
PhpCollab 2.5.1 Shell Upload
Nuxeo Platform 6.x / 7.x Shell Upload
Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Remote Root
Matt Bergin (@thatguyl...
Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Arbitrary File Write
Cisco Firepower Threat Management Command Execution
WordPress Daily Edition 1.6.2 File Upload
Intrexx Professional 6.0 / 5.2 Remote Code Execution
HelpDEZk 1.0.1 Unrestricted File Upload
High-Tech Bridge Secur...
WordPress E-Commerce 184.108.40.206 File Upload / XSS / CSRF / Code Execution
DMXReady Registration Manager Arbitrary File Upload Vulnerability
CVEMAP Search Results
Zucchetti InfoBusiness before and including 4.4.1 allows any authenticated user to upload .php files in order to achieve code execution.
ClipSoft REXPERT 220.127.116.117 and earlier versions allow a remote attacker to upload an arbitrary local file via the ActiveX method in RexViewerCtrl30.ocx. That could lead to disclosure of sensitive information. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.
Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication.
RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart.
Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files.
** DISPUTED ** admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution. NOTE: "While inadvertently allowing a PHP file to be uploaded via Media Manager was an oversight, it still requires an admin permission. We think it's pretty rare for an administrator to exploit a bug on his/her own site to own his/her own site."
The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive.
The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload.
The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to intercept or modify traffic, spoof or intercept GPS traffic, exfiltrate private data, hide a backdoor, or cause a denial-of-service.
licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request.