Total
3087 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10760 | 1 Projectpier | 1 Projectpier | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in the Files plugin in ProjectPier 0.88 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the tmp directory under the document root. | ||||
| CVE-2018-10648 | 1 Citrix | 1 Xenmobile Server | 2024-11-21 | N/A |
| There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | ||||
| CVE-2018-10577 | 1 Watchguard | 8 Ap100, Ap100 Firmware, Ap102 and 5 more | 2024-11-21 | N/A |
| An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root, allowing these files to be executed as root. | ||||
| CVE-2018-10521 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
| In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory. | ||||
| CVE-2018-10469 | 1 B3log | 1 Symphony | 2024-11-21 | N/A |
| b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI. | ||||
| CVE-2018-10375 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, which can be utilized by attackers to upload and execute arbitrary PHP code via the /dede/archives_do.php?dopost=uploadLitpic litpic parameter when "Content-Type: image/jpeg" is sent, but the filename ends in .php and contains PHP code. | ||||
| CVE-2018-10173 | 1 Digitalguardian | 1 Management Console | 2024-11-21 | N/A |
| Digital Guardian Management Console 7.1.2.0015 allows authenticated remote code execution because of Arbitrary File Upload functionality. | ||||
| CVE-2018-1000839 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | N/A |
| LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type. | ||||
| CVE-2018-1000811 | 1 Bludit | 1 Bludit | 2024-11-21 | N/A |
| bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. This attack appear to be exploitable via malicious user have to upload a crafted payload containing PHP code. | ||||
| CVE-2018-1000658 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | N/A |
| LimeSurvey version prior to 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. This attack appear to be exploitable via an authenticated user uploading a zip archive which can contains malicious php files that can be called under certain circumstances. This vulnerability appears to have been fixed in after commit 91d143230eb357260a19c8424b3005deb49a47f7 / version 3.14.4. | ||||
| CVE-2018-1000646 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | N/A |
| LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution. | ||||
| CVE-2018-1000619 | 1 Ovidentia | 1 Ovidentia | 2024-11-21 | N/A |
| Ovidentia version 8.4.3 and earlier contains a Unsanitized User Input vulnerability in utilit.php, bab_getAddonFilePathfromTg that can result in Authenticated Remote Code Execution. This attack appear to be exploitable via The attacker must have permission to upload addons. | ||||
| CVE-2018-1000544 | 3 Debian, Redhat, Rubyzip Project | 4 Debian Linux, Cloudforms, Cloudforms Managementengine and 1 more | 2024-11-21 | 9.8 Critical |
| rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem.. | ||||
| CVE-2018-1000094 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
| CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension. | ||||
| CVE-2018-0686 | 1 Neo | 2 Debun Imap, Debun Pop | 2024-11-21 | N/A |
| Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote authenticated attackers to upload and execute any executable files via unspecified vectors. | ||||
| CVE-2018-0645 | 1 Bit-part | 1 Mtappjquery | 2024-11-21 | N/A |
| MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors. | ||||
| CVE-2018-0587 | 1 Ultimatemember | 1 User Profile \& Membership | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors. | ||||
| CVE-2018-0571 | 1 Basercms | 1 Basercms | 2024-11-21 | N/A |
| baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files. | ||||
| CVE-2018-0568 | 1 Sitebridge | 1 Joruri Gw | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in SiteBridge Inc. Joruri Gw Ver 3.2.0 and earlier allows remote authenticated users to execute arbitrary PHP code via unspecified vectors. | ||||
| CVE-2017-9970 | 1 Schneider-electric | 1 Struxureon Gateway | 2024-11-21 | N/A |
| A remote code execution vulnerability exists in Schneider Electric's StruxureOn Gateway versions 1.1.3 and prior. Uploading a zip which contains carefully crafted metadata allows for the file to be uploaded to any directory on the host machine information which could lead to remote code execution. | ||||