CWE:
 

Topic
Date
Author
Med.
EwebTonic Services Pvt Ltd Software Authentication Bypass Backdoor Access Vulnerability
17.09.2019
KingSkrupellos
Med.
Giribala Creative Ventures Fluent Technology Software Authentication Bypass Backdoor Access Vulnerability
15.09.2019
KingSkrupellos
High
BKS EBK Ethernet-Buskoppler Pro Shell Upload
05.07.2019
Sebastian Auwaerter
High
Sierra Wireless AirLink ES450 ACEManager upload.cgi Remote Code Execution
28.04.2019
Cisco Talos
Med.
WordPress Ultimate-Member Plugins 2.0.38 CSRF Backdoor Access
04.02.2019
KingSkrupellos
Med.
WordPress MM-Forms-Community Plugins 2.2.7 Backdoor Access and SQL Injection Vulnerability
27.01.2019
KingSkrupellos
Med.
WordPress pitajte-strucnjaka Plugins 4.9.6 Backdoor Access Vulnerability
27.01.2019
KingSkrupellos
Med.
WordPress category-page-icons Plugins 3.6.1 CSRF Backdoor Access Vulnerability
18.01.2019
KingSkrupellos
High
Joomla Codextrous Com_B2jcontact Components 2.1.17 Shell Upload Vulnerability
09.01.2019
KingSkrupellos
Med.
Design & Developed by SoftBd Ltd. Bangladesh Education Portals Multiple Vulnerabilities
04.09.2018
KingSkrupellos
Med.
ShopNx - Angular5 Single Page Shopping Cart Application 1 - Arbitrary File Upload
18.06.2018
L0RD
Med.
Gardenoma Remote File Upload Vulnerability
11.06.2018
Mr.T959
Med.
WordPress Theme Sydney by aThemes 2018 GravityForms Input Remote File Upload Vulnerability
08.06.2018
KingSkrupellos
Med.
LifeRay (Fckeditor) Arbitrary File Upload Vulnerability
06.05.2018
Mostafa Gharzi
High
phpCollab 2.5.1 Arbitrary File Upload
03.10.2017
Sysdream
High
PhpCollab 2.5.1 Shell Upload
30.09.2017
SYSDREAM
High
Nuxeo Platform 6.x / 7.x Shell Upload
24.03.2017
SYSDREAM Labs
High
Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Remote Root
18.02.2017
Matt Bergin (@thatguyl...
Med.
Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Arbitrary File Write
18.02.2017
Matt Bergin
High
Cisco Firepower Threat Management Command Execution
06.10.2016
Matt Bergin
High
WordPress Daily Edition 1.6.2 File Upload
10.03.2015
Wang Jing
High
Intrexx Professional 6.0 / 5.2 Remote Code Execution
16.12.2014
Christian Schneider
High
HelpDEZk 1.0.1 Unrestricted File Upload
06.11.2014
High-Tech Bridge Secur...
High
WordPress E-Commerce 3.8.9.5 File Upload / XSS / CSRF / Code Execution
24.01.2014
KedAns-Dz
High
DMXReady Registration Manager Arbitrary File Upload Vulnerability
30.06.2009
Securitylab


CVEMAP Search Results

CVE
Details
Description
2019-09-18
Medium
CVE-2019-14252

Vendor: Publisure
Software: Publisure
 

 
An issue was discovered in the secure portal in Publisure 2.1.2. Once successfully authenticated as an administrator, one is able to inject arbitrary PHP code by using the adminCons.php form. The code is then stored in the E:\PUBLISURE\webservice\webpages\AdminDir\Templates\ folder even if removed from the adminCons.php view (i.e., the rogue PHP file can be hidden).

 
Medium
CVE-2019-15843

Vendor: MI
Software: Xiaomi mille...
 

 
A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. A particular condition involving a man-in-the-middle attack may lead to partial data leakage or malicious file writing.

 
Medium
CVE-2016-10995

Vendor: Templatic
Software: Telvolution
 

 
The Tevolution plugin before 2.3.0 for WordPress has arbitrary file upload via single_upload.php or single-upload.php.

 
2019-09-17
Medium
CVE-2019-6839

Updating...
 

 
An Improper Access Control: CWE-284 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow a user with low privileges to upload a rogue file.

 
Medium
CVE-2019-15131

Vendor: Code42
Software: Code42
 

 
In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerability could allow an attacker to create directories and save files on Code42 servers, which could potentially lead to code execution.

 
2019-09-16
Medium
CVE-2016-10958

Vendor: Estatik
Software: Estatik
 

 
The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php.

 
Low
CVE-2016-10959

Vendor: Estatik
Software: Estatik
 

 
The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php.

 
2019-09-14
Medium
CVE-2019-16318

Vendor: Pimcore
Software: Pimcore
 

 
In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317.

 
2019-09-13
Medium
CVE-2016-10955

Vendor: Cysteme
Software: Cysteme-finder
 

 
The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking.

 
Medium
CVE-2016-10954

Updating...
 

 
The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload.

 

 


Copyright 2019, cxsecurity.com

 

Back to Top