Designed By Sevy INC. - SQL Injection Vulnerability, Unrestricted File Upload Vulnerability and Default Admin Credentials
WordPress Catch Themes Demo Import 1.6.1 Shell Upload
WordPress SP Project And Document Manager 4.21 Shell Upload
WordPress Modern Events Calendar 5.16.2 Shell Upload
OpenEMR 184.108.40.206 Shell Upload
VisualWare MyConnection Server 11.x Remote Code Execution
Moodle 3.8 Arbitrary File Upload
XUpload Remote File Upload Vulnerability
Typesetter CMS 5.1 Remote Code Execution
ckeditor-elfinder Remote File Upload Vulnerability
Golo - Business Listing, City Travel Guide Laravel Theme v1.1.5 - Arbitrary File Upload
filemanager File Upload vulnerability
LifeRay CMS (Fckeditor) Arbitrary File Upload Vulnerability
NewsOne CMS – News, Magazine & Blog Script v1.1.0 Arbitrary File Upload
EwebTonic Services Pvt Ltd Software Authentication Bypass Backdoor Access Vulnerability
Giribala Creative Ventures Fluent Technology Software Authentication Bypass Backdoor Access Vulnerability
BKS EBK Ethernet-Buskoppler Pro Shell Upload
Sierra Wireless AirLink ES450 ACEManager upload.cgi Remote Code Execution
WordPress Ultimate-Member Plugins 2.0.38 CSRF Backdoor Access
WordPress MM-Forms-Community Plugins 2.2.7 Backdoor Access and SQL Injection Vulnerability
WordPress pitajte-strucnjaka Plugins 4.9.6 Backdoor Access Vulnerability
WordPress category-page-icons Plugins 3.6.1 CSRF Backdoor Access Vulnerability
Joomla Codextrous Com_B2jcontact Components 2.1.17 Shell Upload Vulnerability
Design & Developed by SoftBd Ltd. Bangladesh Education Portals Multiple Vulnerabilities
ShopNx - Angular5 Single Page Shopping Cart Application 1 - Arbitrary File Upload
Gardenoma Remote File Upload Vulnerability
WordPress Theme Sydney by aThemes 2018 GravityForms Input Remote File Upload Vulnerability
LifeRay (Fckeditor) Arbitrary File Upload Vulnerability
phpCollab 2.5.1 Arbitrary File Upload
PhpCollab 2.5.1 Shell Upload
Nuxeo Platform 6.x / 7.x Shell Upload
Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Remote Root
Matt Bergin (@thatguyl...
Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Arbitrary File Write
Cisco Firepower Threat Management Command Execution
WordPress Daily Edition 1.6.2 File Upload
Intrexx Professional 6.0 / 5.2 Remote Code Execution
HelpDEZk 1.0.1 Unrestricted File Upload
High-Tech Bridge Secur...
WordPress E-Commerce 220.127.116.11 File Upload / XSS / CSRF / Code Execution
DMXReady Registration Manager Arbitrary File Upload Vulnerability
Common Weakness Enumeration (CWE)
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.
The CM Download Manager WordPress plugin before 2.8.6 allows high-privilege users such as admins to upload arbitrary files by setting any extension via the plugin's settings, which could be used by admins of a multisite blog to upload PHP files, for example.
Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3.
A vulnerability was found in codeprojects Online Driving School. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registration.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-207872.
Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.
A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206845 was assigned to this vulnerability.
The GREYD.SUITE WordPress theme does not properly validate uploaded custom font packages and does not perform any authorization or CSRF checks, allowing an unauthenticated attacker to upload arbitrary files, including PHP source files, leading to possible remote code execution (RCE).
A vulnerability classified as critical was found in SourceCodester Gas Agency Management System. Affected by this vulnerability is an unknown functionality of the file /gasmark/assets/myimages/oneWord.php. The manipulation of the argument shell leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206173 was assigned to this vulnerability.
A vulnerability was found in SourceCodester Zoo Management System. It has been classified as critical. Affected is an unknown function of the file /pages/apply_vacancy.php. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-206250 is the identifier assigned to this vulnerability.
A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file /dashboard/add-portfolio.php. The manipulation of the argument ufile leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-206024.