CWE:
 

Tytuł
Data
Autor
Med.
Designed By Sevy INC. - SQL Injection Vulnerability, Unrestricted File Upload Vulnerability and Default Admin Credentials
06.07.2022
MR.$UD0
High
WordPress Catch Themes Demo Import 1.6.1 Shell Upload
11.12.2021
Ron Jost
High
WordPress SP Project And Document Manager 4.21 Shell Upload
08.07.2021
Ron Jost
High
WordPress Modern Events Calendar 5.16.2 Shell Upload
02.07.2021
Ron Jost
High
OpenEMR 5.0.1.3 Shell Upload
14.06.2021
Ron Jost
High
VisualWare MyConnection Server 11.x Remote Code Execution
28.02.2021
Ryan Wincey
High
Moodle 3.8 Arbitary File Upload
30.11.2020
Sirwan Veisi
High
XUpload Remote File Upload Vulnerability
04.11.2020
h4shur
High
Typesetter CMS 5.1 Remote Code Execution
07.10.2020
Rodolfo Tavares
High
ckeditor-elfinder Remote File Upload Vulnerability
21.09.2020
h4shur
High
Golo - Business Listing, City Travel Guide Laravel Theme v1.1.5 - Arbitrary File Upload
13.07.2020
Vlad Vector
High
filemanager File Upload vulnerability
03.05.2020
h4shur
High
LifeRay CMS (Fckeditor) Arbitrary File Upload Vulnerability
10.04.2020
h4shur
High
NewsOne CMS – News, Magazine & Blog Script v1.1.0 Arbitrary File Upload
19.01.2020
m0ze
Med.
EwebTonic Services Pvt Ltd Software Authentication Bypass Backdoor Access Vulnerability
17.09.2019
KingSkrupellos
Med.
Giribala Creative Ventures Fluent Technology Software Authentication Bypass Backdoor Access Vulnerability
15.09.2019
KingSkrupellos
High
BKS EBK Ethernet-Buskoppler Pro Shell Upload
05.07.2019
Sebastian Auwaerter
High
Sierra Wireless AirLink ES450 ACEManager upload.cgi Remote Code Execution
28.04.2019
Cisco Talos
Med.
WordPress Ultimate-Member Plugins 2.0.38 CSRF Backdoor Access
04.02.2019
KingSkrupellos
Med.
WordPress MM-Forms-Community Plugins 2.2.7 Backdoor Access and SQL Injection Vulnerability
27.01.2019
KingSkrupellos
Med.
WordPress pitajte-strucnjaka Plugins 4.9.6 Backdoor Access Vulnerability
27.01.2019
KingSkrupellos
Med.
WordPress category-page-icons Plugins 3.6.1 CSRF Backdoor Access Vulnerability
18.01.2019
KingSkrupellos
High
Joomla Codextrous Com_B2jcontact Components 2.1.17 Shell Upload Vulnerability
09.01.2019
KingSkrupellos
Med.
Design & Developed by SoftBd Ltd. Bangladesh Education Portals Multiple Vulnerabilities
04.09.2018
KingSkrupellos
Med.
ShopNx - Angular5 Single Page Shopping Cart Application 1 - Arbitrary File Upload
18.06.2018
L0RD
Med.
Gardenoma Remote File Upload Vulnerability
11.06.2018
Mr.T959
Med.
WordPress Theme Sydney by aThemes 2018 GravityForms Input Remote File Upload Vulnerability
08.06.2018
KingSkrupellos
Med.
LifeRay (Fckeditor) Arbitrary File Upload Vulnerability
06.05.2018
Mostafa Gharzi
High
phpCollab 2.5.1 Arbitrary File Upload
03.10.2017
Sysdream
High
PhpCollab 2.5.1 Shell Upload
30.09.2017
SYSDREAM
High
Nuxeo Platform 6.x / 7.x Shell Upload
24.03.2017
SYSDREAM Labs
High
Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Remote Root
18.02.2017
Matt Bergin (@thatguyl...
Med.
Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Arbitrary File Write
18.02.2017
Matt Bergin
High
Cisco Firepower Threat Management Command Execution
06.10.2016
Matt Bergin
High
WordPress Daily Edition 1.6.2 File Upload
10.03.2015
Wang Jing
High
Intrexx Professional 6.0 / 5.2 Remote Code Execution
16.12.2014
Christian Schneider
High
HelpDEZk 1.0.1 Unrestricted File Upload
06.11.2014
High-Tech Bridge Secur...
High
WordPress E-Commerce 3.8.9.5 File Upload / XSS / CSRF / Code Execution
24.01.2014
KedAns-Dz
High
DMXReady Registration Manager Arbitrary File Upload Vulnerability
30.06.2009
Securitylab


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2022-09-29
Waiting for details
CVE-2022-36066

Updating...
 

 
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.

 
2022-09-26
Waiting for details
CVE-2022-3076

Updating...
 

 
The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example.

 
2022-09-21
Waiting for details
CVE-2022-2872

Updating...
 

 
Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3.

 
2022-09-07
Waiting for details
CVE-2022-3129

Updating...
 

 
A vulnerability was found in codeprojects Online Driving School. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registration.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-207872.

 
2022-08-23
Waiting for details
CVE-2022-36285

Updating...
 

 
Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.

 
2022-08-20
Waiting for details
CVE-2022-2909

Updating...
 

 
A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206845 was assigned to this vulnerability.

 
2022-08-15
Waiting for details
CVE-2022-2180

Updating...
 

 
The GREYD.SUITE WordPress theme does not properly validate uploaded custom font packages, and does not perform any authorization or csrf checks, allowing an unauthenticated attacker to upload arbitrary files including php source files, leading to possible remote code execution (RCE).

 
2022-08-12
Waiting for details
CVE-2022-2779

Updating...
 

 
A vulnerability classified as critical was found in SourceCodester Gas Agency Management System. Affected by this vulnerability is an unknown functionality of the file /gasmark/assets/myimages/oneWord.php. The manipulation of the argument shell leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206173 was assigned to this vulnerability.

 
Waiting for details
CVE-2022-2804

Updating...
 

 
A vulnerability was found in SourceCodester Zoo Management System. It has been classified as critical. Affected is an unknown function of the file /pages/apply_vacancy.php. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-206250 is the identifier assigned to this vulnerability.

 
2022-08-11
Waiting for details
CVE-2022-2751

Updating...
 

 
A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file /dashboard/add-portfolio.php. The manipulation of the argument ufile leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-206024.

 

 


Copyright 2022, cxsecurity.com

 

Back to Top