Total
1580 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10955 | 1 Cysteme | 1 Cysteme-finder | 2019-09-13 | 7.5 HIGH | 9.8 CRITICAL |
| The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking. | |||||
| CVE-2018-9206 | 1 Jquery File Upload Project | 1 Jquery File Upload | 2019-09-11 | 7.5 HIGH | 9.8 CRITICAL |
| Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0 | |||||
| CVE-2019-16131 | 1 Phpok | 1 Oklite | 2019-09-10 | 6.5 MEDIUM | 8.8 HIGH |
| framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/. | |||||
| CVE-2019-13187 | 1 Symphonyextensions | 1 Rich Text Formatter | 2019-09-06 | 7.5 HIGH | 9.8 CRITICAL |
| The Rich Text Formatter (Redactor) extension through v1.1.1 for Symphony CMS has an Unauthenticated arbitrary file upload vulnerability in content.fileupload.php and content.imageupload.php. | |||||
| CVE-2019-15866 | 1 Crelly Slider Project | 1 Crelly Slider | 2019-09-05 | 6.5 MEDIUM | 8.8 HIGH |
| The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider. | |||||
| CVE-2019-13976 | 1 Egain | 1 Chat | 2019-09-05 | 7.5 HIGH | 9.8 CRITICAL |
| eGain Chat 15.0.3 allows unrestricted file upload. | |||||
| CVE-2019-15649 | 1 Elearningfreak | 1 Insert Or Embed Articulate Content | 2019-08-30 | 6.5 MEDIUM | 8.8 HIGH |
| The insert-or-embed-articulate-content-into-wordpress plugin before 4.2999 for WordPress has insufficient restrictions on file upload. | |||||
| CVE-2019-15524 | 1 Cszcms | 1 Csz Cms | 2019-08-30 | 7.5 HIGH | 9.8 CRITICAL |
| CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI. | |||||
| CVE-2019-11031 | 1 Mirasys | 1 Mirasys Vms | 2019-08-30 | 10.0 HIGH | 9.8 CRITICAL |
| Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe. An attacker can upload files with a Setup-Files action, and then execute these files with SYSTEM privileges. | |||||
| CVE-2017-18592 | 1 Wc-marketplace | 1 Wc Catalog Enquiry | 2019-08-29 | 5.0 MEDIUM | 7.5 HIGH |
| The woocommerce-catalog-enquiry plugin before 3.1.0 for WordPress has an incorrect wp_upload directory for file uploads. | |||||
| CVE-2018-18572 | 1 Oscommerce | 1 Oscommerce | 2019-08-29 | 6.5 MEDIUM | 7.2 HIGH |
| osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this filter didn't prevent the '.pht' extension. Thus, remote authenticated administrators can upload '.pht' files for arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI. | |||||
| CVE-2015-9339 | 1 Iptanus | 1 Wordpress File Upload | 2019-08-29 | 5.0 MEDIUM | 7.5 HIGH |
| The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files. | |||||
| CVE-2015-9338 | 1 Iptanus | 1 Wordpress File Upload | 2019-08-29 | 5.0 MEDIUM | 7.5 HIGH |
| The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files. | |||||
| CVE-2015-9340 | 1 Iptanus | 1 Wordpress File Upload | 2019-08-29 | 5.0 MEDIUM | 7.5 HIGH |
| The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files. | |||||
| CVE-2015-9341 | 1 Iptanus | 1 Wordpress File Upload | 2019-08-29 | 5.0 MEDIUM | 7.5 HIGH |
| The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files. | |||||
| CVE-2019-15091 | 1 Artica | 1 Integria Ims | 2019-08-27 | 7.5 HIGH | 9.8 CRITICAL |
| filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload. | |||||
| CVE-2019-14755 | 1 Leaftecnologia | 1 Leaf Admin | 2019-08-20 | 6.5 MEDIUM | 8.8 HIGH |
| The profile photo upload feature in Leaf Admin 61.9.0212.10 f allows Unrestricted Upload of a File with a Dangerous Type. | |||||
| CVE-2019-5395 | 1 Hp | 2 3par Service Processor, 3par Service Processor Firmware | 2019-08-16 | 6.5 MEDIUM | 8.8 HIGH |
| A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. | |||||
| CVE-2019-14748 | 1 Osticket | 1 Osticket | 2019-08-14 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions. For example, a non-agent user can upload a .html file, and Content-Disposition will be set to inline instead of attachment. | |||||
| CVE-2018-20925 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.6 MEDIUM | 6.7 MEDIUM |
| cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379). | |||||