CVE | Vendors | Products | Updated | CVSS |
---|---|---|---|---|
CVE-2011-4183 | Opensuse | Open Build Service | 2019-10-09 | 7.5 |
A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16. | ||||
CVE-2019-15748 | Sitos | Sitos Six | 2019-10-09 | 7.5 |
SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. An unauthenticated attacker could use the upload and import functionality to import a malicious SCORM package that... | ||||
CVE-2019-15751 | Sitos | Sitos Six | 2019-10-09 | 10.0 |
An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenticated attacker to upload a malicious file... | ||||
CVE-2019-4013 | Ibm | Bigfix Platform | 2019-10-07 | 9.0 |
IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887. | ||||
CVE-2019-17046 | Ilch | Ilch Cms | 2019-10-04 | 9.0 |
Ilch 2.1.22 allows remote code execution because php is listed under 'Allowed files' on the index.php/admin/media/settings/index page. | ||||
CVE-2018-18563 | | | 2019-10-03 | 8.3 |
An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS... | ||||
CVE-2017-2699 | | | 2019-10-03 | 6.8 |
The Huawei Themes APP in versions earlier than PLK-UL00C17B385, versions earlier than CRR-L09C432B380, versions earlier than LYO-L21C577B128 has a privilege elevation vulnerability. An attacker could exploit this vulnerability to upload theme... | ||||
CVE-2017-8080 | Atlassian | Hipchat Server | 2019-10-03 | 6.5 |
Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads. | ||||
CVE-2017-6931 | Drupal | Drupal | 2019-10-03 | 4.0 |
In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If you have implemented a Settings Tray form in contrib or a custom... | ||||
CVE-2017-12678 | Taglib | Taglib | 2019-10-03 | 6.8 |
In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. | ||||
CVE-2017-11404 | Cmsmadesimple | Cms Made Simple | 2019-10-03 | 4.0 |
In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php. | ||||
CVE-2017-13156 | Google | Android | 2019-10-03 | 7.2 |
An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847. | ||||
CVE-2017-17593 | Simple Chatting System Project | Simple Chatting System | 2019-10-03 | 5.0 |
Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/. | ||||
CVE-2017-11405 | Cmsmadesimple | Cms Made Simple | 2019-10-03 | 4.0 |
In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed... | ||||
CVE-2017-11326 | Tilde Cms Project | Tilde Cms | 2019-10-03 | 5.0 |
An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass the implemented restrictions on arbitrary file upload via a filename.+php manipulation. | ||||
CVE-2017-5520 | Metalgenix | Genixcms | 2019-10-03 | 6.5 |
The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions. | ||||
CVE-2017-6104 | Mobile App Builder, Zen Mobile App Native Project | Mobile App Builder Plugin, Zen Mobile App Native | 2019-10-03 | 5.0 |
Remote file upload vulnerability in WordPress Plugin Mobile App Native 3.0. | ||||
CVE-2019-15862 | | | 2019-10-02 | 5.0 |
An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote attackers to upload files without any extension (even if the application was configured to accept files only with a defined set of extensions). This... | ||||
CVE-2019-14916 | Prise | Adas | 2019-09-27 | 4.0 |
An issue was discovered in PRiSE adAS 1.7.0. A file's format is not properly checked, leading to an unrestricted file upload. | ||||
CVE-2019-16720 | Zzzcms | Zzzphp | 2019-09-23 | 5.0 |
ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file. |