CWE:
 

| Risk | Title | Date | Author |
|---|---|---|---|
| High | WordPress SP Project And Document Manager 4.21 Shell Upload | 08.07.2021 | Ron Jost |
| High | WordPress Modern Events Calendar 5.16.2 Shell Upload | 02.07.2021 | Ron Jost |
| High | OpenEMR 5.0.1.3 Shell Upload | 14.06.2021 | Ron Jost |
| High | VisualWare MyConnection Server 11.x Remote Code Execution | 28.02.2021 | Ryan Wincey |
| High | Moodle 3.8 Arbitary File Upload | 30.11.2020 | Sirwan Veisi |
| High | XUpload Remote File Upload Vulnerability | 04.11.2020 | h4shur |
| High | Typesetter CMS 5.1 Remote Code Execution | 07.10.2020 | Rodolfo Tavares |
| High | ckeditor-elfinder Remote File Upload Vulnerability | 21.09.2020 | h4shur |
| High | Golo - Business Listing, City Travel Guide Laravel Theme v1.1.5 - Arbitrary File Upload | 13.07.2020 | Vlad Vector |
| High | filemanager File Upload vulnerability | 03.05.2020 | h4shur |
| High | LifeRay CMS (Fckeditor) Arbitrary File Upload Vulnerability | 10.04.2020 | h4shur |
| High | NewsOne CMS – News, Magazine & Blog Script v1.1.0 Arbitrary File Upload | 19.01.2020 | m0ze |
| Med. | EwebTonic Services Pvt Ltd Software Authentication Bypass Backdoor Access Vulnerability | 17.09.2019 | KingSkrupellos |
| Med. | Giribala Creative Ventures Fluent Technology Software Authentication Bypass Backdoor Access Vulnerability | 15.09.2019 | KingSkrupellos |
| High | BKS EBK Ethernet-Buskoppler Pro Shell Upload | 05.07.2019 | Sebastian Auwaerter |
| High | Sierra Wireless AirLink ES450 ACEManager upload.cgi Remote Code Execution | 28.04.2019 | Cisco Talos |
| Med. | WordPress Ultimate-Member Plugins 2.0.38 CSRF Backdoor Access | 04.02.2019 | KingSkrupellos |
| Med. | WordPress MM-Forms-Community Plugins 2.2.7 Backdoor Access and SQL Injection Vulnerability | 27.01.2019 | KingSkrupellos |
| Med. | WordPress pitajte-strucnjaka Plugins 4.9.6 Backdoor Access Vulnerability | 27.01.2019 | KingSkrupellos |
| Med. | WordPress category-page-icons Plugins 3.6.1 CSRF Backdoor Access Vulnerability | 18.01.2019 | KingSkrupellos |
| High | Joomla Codextrous Com_B2jcontact Components 2.1.17 Shell Upload Vulnerability | 09.01.2019 | KingSkrupellos |
| Med. | Design & Developed by SoftBd Ltd. Bangladesh Education Portals Multiple Vulnerabilities | 04.09.2018 | KingSkrupellos |
| Med. | ShopNx - Angular5 Single Page Shopping Cart Application 1 - Arbitrary File Upload | 18.06.2018 | L0RD |
| Med. | Gardenoma Remote File Upload Vulnerability | 11.06.2018 | Mr.T959 |
| Med. | WordPress Theme Sydney by aThemes 2018 GravityForms Input Remote File Upload Vulnerability | 08.06.2018 | KingSkrupellos |
| Med. | LifeRay (Fckeditor) Arbitrary File Upload Vulnerability | 06.05.2018 | Mostafa Gharzi |
| High | phpCollab 2.5.1 Arbitrary File Upload | 03.10.2017 | Sysdream |
| High | PhpCollab 2.5.1 Shell Upload | 30.09.2017 | SYSDREAM |
| High | Nuxeo Platform 6.x / 7.x Shell Upload | 24.03.2017 | SYSDREAM Labs |
| High | Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Remote Root | 18.02.2017 | Matt Bergin (@thatguyl... |
| Med. | Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Arbitrary File Write | 18.02.2017 | Matt Bergin |
| High | Cisco Firepower Threat Management Command Execution | 06.10.2016 | Matt Bergin |
| High | WordPress Daily Edition 1.6.2 File Upload | 10.03.2015 | Wang Jing |
| High | Intrexx Professional 6.0 / 5.2 Remote Code Execution | 16.12.2014 | Christian Schneider |
| High | HelpDEZk 1.0.1 Unrestricted File Upload | 06.11.2014 | High-Tech Bridge Secur... |
| High | WordPress E-Commerce 3.8.9.5 File Upload / XSS / CSRF / Code Execution | 24.01.2014 | KedAns-Dz |
| High | DMXReady Registration Manager Arbitrary File Upload Vulnerability | 30.06.2009 | Securitylab |


Common Weakness Enumeration (CWE)

| Date | Severity | CVE | Details | Description |
|---|---|---|---|---|
| 2021-12-06 | High | CVE-2021-43936 | | The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution. |
| 2021-12-03 | Medium | CVE-2021-23562 | Vendor: TINY; Software: Plupload | This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file. |
| 2021-12-02 | Medium | CVE-2020-29176 | Vendor: Zblogcn; Software: Z-blogphp | An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG file. |
| 2021-11-30 | Medium | CVE-2021-42099 | Vendor: Zohocorp; Software: Manageengine... | Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. |
| | Medium | CVE-2021-42123 | Vendor: Businessdnasolutions; Software: Topease | |
| 2021-11-28 | Medium | CVE-2021-44093 | Vendor: Zrlog; Software: Zrlog | A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell. |
| | Medium | CVE-2021-44094 | Vendor: Zrlog; Software: Zrlog | ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file. |
| 2021-11-17 | Medium | CVE-2021-42362 | Vendor: Wordpress popular posts project; Software: Wordpress po... | The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2. |
| 2021-11-15 | High | CVE-2021-42839 | Vendor: VICE; Software: Webopac | |
| 2021-11-14 | Medium | CVE-2021-43617 | Vendor: Laravel; Software: Framework | Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload. |


Copyright 2021, cxsecurity.com

 
