Total: 1580 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-10562 | 1 Devome | 1 Grr | 2020-03-18 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.php mishandles file uploads. | |||||
CVE-2020-10557 | 1 Atutor | 1 Acontent | 2020-03-18 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file upload restrictions. | |||||
CVE-2020-6965 | 1 Gehealthcare | 18 Apexpro Telemetry Server, Apexpro Telemetry Server Firmware, Carescape B450 Monitor and 15 more | 2020-03-17 | 6.5 MEDIUM | 9.9 CRITICAL |
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, a vulnerability in the software update mechanism allows an authenticated attacker to upload arbitrary files on the system through a crafted update package. | |||||
CVE-2018-6860 | 1 Schools Alert Management Script Project | 1 Schools Alert Management Script | 2020-03-11 | 6.5 MEDIUM | 8.8 HIGH |
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script 2.0.2 via a profile picture. | |||||
CVE-2016-6918 | 1 Lexmark | 1 Markvision Enterprise | 2020-03-10 | 7.5 HIGH | 9.8 CRITICAL |
Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files. ( | |||||
CVE-2015-7339 | 1 Widgetfactorylimited | 1 Jce | 2020-03-10 | 6.5 MEDIUM | 8.8 HIGH |
JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an image file to the /com_jce/editor/libraries/classes/browser.php script. | |||||
CVE-2020-9380 | 1 Whmcssmarters | 1 Web Tv Player | 2020-03-10 | 7.5 HIGH | 9.8 CRITICAL |
IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to execute OS commands by uploading a script. | |||||
CVE-2020-5256 | 1 Bookstackapp | 1 Bookstack | 2020-03-10 | 9.0 HIGH | 8.8 HIGH |
BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area of the application. The issue was addressed in a series of patches in versions 0.25.3, 0.25.4 and 0.25.5. Users should upgrade to at least v0.25.5 to avoid this vulnerability. | |||||
CVE-2015-7341 | 1 Joobi | 1 Jnews | 2020-03-10 | 6.5 MEDIUM | 8.8 HIGH |
JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension. | |||||
CVE-2020-10224 | 1 Phpgurukul | 1 Phpgurukul Online Book Store | 2020-03-09 | 7.5 HIGH | 9.8 CRITICAL |
An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution. | |||||
CVE-2020-10225 | 1 Phpgurukul | 1 Phpgurukul Job Portal | 2020-03-09 | 7.5 HIGH | 9.8 CRITICAL |
An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution. | |||||
CVE-2020-8500 | 1 Artica | 1 Pandora Fms | 2020-03-09 | 6.5 MEDIUM | 7.2 HIGH |
** DISPUTED ** In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality. | |||||
CVE-2018-19798 | 1 Fleetco | 1 Fleet Maintenance Management | 2020-03-04 | 6.5 MEDIUM | 8.8 HIGH |
Fleetco Fleet Maintenance Management (FMM) 1.2 and earlier allows uploading an arbitrary ".php" file with the application/x-php Content-Type to the accidents_add.php?submit=1 URI, as demonstrated by the value_Images_1 field, which leads to remote command execution on the remote server. Any authenticated user can exploit this. | |||||
CVE-2018-17058 | 1 Jaba | 1 Jaba Xpress | 2020-03-04 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in JABA XPress Online Shop through 2018-09-14. It contains an arbitrary file upload vulnerability in the picture-upload feature of ProductEdit.aspx. An authenticated attacker may bypass the frontend filename validation and upload an arbitrary file via FileUploader.aspx.cs in FileUploader.aspx by using empty w and h parameters. This file may contain arbitrary aspx code that may be executed by accessing /Jec/ProductImages/<number>/<filename>. Accessing the file once uploaded does not require authentication. | |||||
CVE-2016-11020 | 1 Kunena | 1 Kunena | 2020-03-03 | 7.5 HIGH | 9.8 CRITICAL |
Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution. | |||||
CVE-2011-4908 | 1 Tiny | 1 Tinybrowser | 2020-02-25 | 10.0 HIGH | 9.8 CRITICAL |
TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php. | |||||
CVE-2011-4906 | 1 Tiny | 1 Tinybrowser | 2020-02-25 | 7.5 HIGH | 9.8 CRITICAL |
Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution. | |||||
CVE-2020-6975 | 1 Digi | 3 Connectport Lts 32 Mei, Connectport Lts 32 Mei Bios, Connectport Lts 32 Mei Firmware | 2020-02-21 | 4.0 MEDIUM | 4.9 MEDIUM |
Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious file to the application. | |||||
CVE-2018-12263 | 1 Portfoliocms Project | 1 Portfoliocms | 2020-02-20 | 6.5 MEDIUM | 8.8 HIGH |
portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI. | |||||
CVE-2013-2057 | 1 Yabb | 1 Yabb | 2020-02-14 | 7.5 HIGH | 9.8 CRITICAL |
YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability |