Total
3042 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16821 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A |
| SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests. | ||||
| CVE-2018-16796 | 1 Hiscout | 1 Grc Suite | 2024-11-21 | N/A |
| HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files with Dangerous Types. | ||||
| CVE-2018-16731 | 1 Chshcms | 1 Cscms | 2024-11-21 | N/A |
| CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data. | ||||
| CVE-2018-16397 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | N/A |
| In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file, | ||||
| CVE-2018-16388 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type. | ||||
| CVE-2018-16373 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | N/A |
| Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save. | ||||
| CVE-2018-16370 | 1 Pescms | 1 Pescms Team | 2024-11-21 | N/A |
| In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team&m=Setting&a=upgrade by placing a .php file in a ZIP archive. | ||||
| CVE-2018-16352 | 1 Weaselcms Project | 1 Weaselcms | 2024-11-21 | N/A |
| There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used. | ||||
| CVE-2018-16287 | 1 Lg | 1 Supersign Cms | 2024-11-21 | N/A |
| LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. | ||||
| CVE-2018-16169 | 1 Cybozu | 1 Remote Service Manager | 2024-11-21 | N/A |
| Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated attackers to upload and execute Java code file on the server via unspecified vectors. | ||||
| CVE-2018-16097 | 1 Lenovo | 1 Xclarity Integrator | 2024-11-21 | N/A |
| LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate. | ||||
| CVE-2018-16093 | 1 Lenovo | 1 Xclarity Integrator | 2024-11-21 | N/A |
| In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file. | ||||
| CVE-2018-15882 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter. | ||||
| CVE-2018-15537 | 1 Ocsinventory-ng | 1 Ocsinventory Ng | 2024-11-21 | N/A |
| Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests. | ||||
| CVE-2018-15333 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | N/A |
| On versions 11.2.1. and greater, unrestricted Snapshot File Access allows BIG-IP system's user with any role, including Guest Role, to have access and download previously generated and available snapshot files on the BIG-IP configuration utility such as QKView and TCPDumps. | ||||
| CVE-2018-15139 | 1 Open-emr | 1 Openemr | 2024-11-21 | 8.8 High |
| Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory. | ||||
| CVE-2018-15137 | 1 Cela Link | 2 Clr-m20, Clr-m20 Firmware | 2024-11-21 | N/A |
| CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Because of the WebDAV feature, it is possible to upload arbitrary files by utilizing the PUT method. | ||||
| CVE-2018-14911 | 1 Ukcms | 1 Ukcms | 2024-11-21 | N/A |
| A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vulnerability is due to the system not strictly filtering the file upload type. An attacker can exploit the vulnerability to upload a script Trojan to admin.php/admin/configset/index/group/upload.html to gain server control by composing a request for a .txt upload and then changing it to a .php upload. The attacker must have admin access to change the upload_file_ext (aka "Allow upload file suffix") setting, and must use "php,php" in this setting to bypass the "php" restriction. | ||||
| CVE-2018-14857 | 1 Ocsinventory-ng | 1 Ocs Inventory Server | 2024-11-21 | N/A |
| Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted. | ||||
| CVE-2018-14570 | 1 Niushop | 1 B2b2c Multi-business | 2024-11-21 | N/A |
| A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-business basic version V1.11 allows any remote member to upload a .php file to the web server via a profile avatar field, by using an image Content-Type (e.g., image/jpeg) with a modified filename and file content. This results in arbitrary code execution by requesting that .php file. | ||||