Total
3867 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18830 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercept the data packet. In the name parameter, change the suffix to jsp. In the response, the server returns the storage path of the file, which can be accessed to execute arbitrary JSP code.
|
|||||
| CVE-2018-18793 | 1 School Event Management System Project | 1 School Event Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.
|
|||||
| CVE-2018-18771 | 1 Lulucms | 1 Lulu Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in LuLu CMS through 2015-05-14. backend\modules\filemanager\controllers\DefaultController.php allows arbitrary file upload by entering a filename, directory name, and PHP code into the three text input fields.
|
|||||
| CVE-2018-18752 | 1 Webiness Project | 1 Webiness Inventory | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter.
|
|||||
| CVE-2018-18572 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this filter didn't prevent the '.pht' extension. Thus, remote authenticated administrators can upload '.pht' files for arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI.
|
|||||
| CVE-2018-18565 | 1 Roche | 10 Accu-chek Inform Ii, Accu-chek Inform Ii Firmware, Coaguchek Pro Ii and 7 more | 2024-11-21 | 4.1 MEDIUM | 6.8 MEDIUM |
|
An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial number below KQ0400000 or KS0400000), and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). A vulnerability in the software update mechanism allows authenticated attackers in ...
Show More |
|||||
| CVE-2018-18563 | 1 Roche | 10 Accu-chek Inform Ii, Accu-chek Inform Ii Firmware, Coaguchek Pro Ii and 7 more | 2024-11-21 | 8.3 HIGH | 9.6 CRITICAL |
|
An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial Number below KQ0400000 or KS0400000) and cobas h 232 before 04.00.04 (Serial Number above KQ0400000 or KS0400000). Improper access control to a service command allows attackers in the adjacent networ ...
Show More |
|||||
| CVE-2018-18475 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload.
|
|||||
| CVE-2018-18382 | 1 Coderpixel | 1 Advanced Hrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
|
|||||
| CVE-2018-18315 | 1 Mossle | 1 Lemon | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not validate the file type and spaceName parameter.
|
|||||
| CVE-2018-18086 | 1 Phome | 1 Empirecms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users.
|
|||||
| CVE-2018-17936 | 1 Nuuo | 1 Nuuo Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite configuration files to the server, which could allow remote code execution.
|
|||||
| CVE-2018-17573 | 1 Smartlogix | 1 Wp-insert | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and fckeditor/editor/filemanager/connectors/uploadtest.html.
|
|||||
| CVE-2018-17553 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php.
|
|||||
| CVE-2018-17442 | 1 Dlink | 1 Central Wifimanager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code.
|
|||||
| CVE-2018-17440 | 1 Dlink | 1 Central Wifimanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request.
|
|||||
| CVE-2018-17418 | 1 Monstra | 1 Monstra | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable.
|
|||||
| CVE-2018-17139 | 1 Ultimatefosters | 1 Ultimatepos | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type.
|
|||||
| CVE-2018-17058 | 1 Jaba | 1 Jaba Xpress | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An issue was discovered in JABA XPress Online Shop through 2018-09-14. It contains an arbitrary file upload vulnerability in the picture-upload feature of ProductEdit.aspx. An authenticated attacker may bypass the frontend filename validation and upload an arbitrary file via FileUploader.aspx.cs in FileUploader.aspx by using empty w and h parameters. This file may contain arbitrary aspx code that may be executed by accessing /Jec/ProductImages/<number>/<filename>. Accessing the file once uploade ...
Show More |
|||||
| CVE-2018-17055 | 1 Progress | 1 Sitefinity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads.
|
|||||
| CVE-2018-16974 | 1 Elefantcms | 1 Elefant | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file, and then using a filename that ends in .php followed by space characters (for bypassing the blacklist).
|
|||||
| CVE-2018-16821 | 1 Seacms | 1 Seacms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests.
|
|||||
| CVE-2018-16796 | 1 Hiscout | 1 Grc Suite | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files with Dangerous Types.
|
|||||
| CVE-2018-16731 | 1 Chshcms | 1 Cscms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.
|
|||||
| CVE-2018-16397 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file,
|
|||||
| CVE-2018-16388 | 1 E107 | 1 E107 | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.
|
|||||
| CVE-2018-16373 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save.
|
|||||
| CVE-2018-16370 | 1 Pescms | 1 Pescms Team | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team&m=Setting&a=upgrade by placing a .php file in a ZIP archive.
|
|||||
| CVE-2018-16352 | 1 Weaselcms Project | 1 Weaselcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used.
|
|||||
| CVE-2018-16287 | 1 Lg | 1 Supersign Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs.
|
|||||
| CVE-2018-16169 | 1 Cybozu | 1 Remote Service Manager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated attackers to upload and execute Java code file on the server via unspecified vectors.
|
|||||
| CVE-2018-16097 | 1 Lenovo | 1 Xclarity Integrator | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate.
|
|||||
| CVE-2018-16093 | 1 Lenovo | 1 Xclarity Integrator | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file.
|
|||||
| CVE-2018-15882 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter.
|
|||||
| CVE-2018-15537 | 1 Ocsinventory-ng | 1 Ocsinventory Ng | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests.
|
|||||
| CVE-2018-15424 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | 6.5 MEDIUM | 4.7 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server.
|
|||||
| CVE-2018-15333 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
On versions 11.2.1. and greater, unrestricted Snapshot File Access allows BIG-IP system's user with any role, including Guest Role, to have access and download previously generated and available snapshot files on the BIG-IP configuration utility such as QKView and TCPDumps.
|
|||||
| CVE-2018-15139 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory.
|
|||||
| CVE-2018-15137 | 1 Cela Link | 2 Clr-m20, Clr-m20 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Because of the WebDAV feature, it is possible to upload arbitrary files by utilizing the PUT method.
|
|||||
| CVE-2018-14911 | 1 Ukcms | 1 Ukcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vulnerability is due to the system not strictly filtering the file upload type. An attacker can exploit the vulnerability to upload a script Trojan to admin.php/admin/configset/index/group/upload.html to gain server control by composing a request for a .txt upload and then changing it to a .php upload. The attacker must have admin access to change the upload_file_ext (aka "Allow upload file suffix") setting, and must use "php,ph ...
Show More |
|||||