Total
3256 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7838 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-7816 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-7721 | 1 Nconsulting | 1 Nc-cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters. | |||||
| CVE-2019-7684 | 1 Inxedu | 1 Inxedu | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file. The vulnerable code location is com.inxedu.os.common.controller.VideoUploadController#gok4 (com/inxedu/os/common/controller/VideoUploadController.java). The attacker uses the /video/uploadvideo fileType parameter to change the list of acceptable extensions from jpg,gif,png,jpeg to jpg,gif,png,jsp,jpeg. | |||||
| CVE-2019-7669 | 1 Primasystems | 1 Flexair | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated attacker to upload and execute malicious applications within the application’s web root with root privileges. | |||||
| CVE-2019-7274 | 1 Optergy | 2 Enterprise, Proton | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root. | |||||
| CVE-2019-7268 | 1 Nortekcontrol | 4 Linear Emerge 5000p, Linear Emerge 5000p Firmware, Linear Emerge 50p and 1 more | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| Linear eMerge 50P/5000P devices allow Unauthenticated File Upload. | |||||
| CVE-2019-7257 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| Linear eMerge E3-Series devices allow Unrestricted File Upload. | |||||
| CVE-2019-6839 | 1 Schneider-electric | 8 Meg6260-0410, Meg6260-0410 Firmware, Meg6260-0415 and 5 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow a user with low privileges to upload a rogue file. | |||||
| CVE-2019-6139 | 1 Forcepoint | 1 User Id | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Forcepoint User ID (FUID) server versions up to 1.2 have a remote arbitrary file upload vulnerability on TCP port 5001. Successful exploitation of this vulnerability may lead to remote code execution. To fix this vulnerability, upgrade to FUID version 1.3 or higher. To prevent the vulnerability on FUID versions 1.2 and below, apply local firewall rules on the FUID server to disable all external access to port TCP/5001. FUID requires this port only for local connections through the loopback interface. | |||||
| CVE-2019-5395 | 1 Hp | 2 3par Service Processor, 3par Service Processor Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. | |||||
| CVE-2019-5357 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-5009 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "<? ?>" tags, as demonstrated by a CompanyDetailsSave action. This bypasses the bad-file-extensions protection mechanism. It is related to actions/CompanyDetailsSave.php, actions/UpdateCompanyLogo.php, and models/CompanyDetails.php. | |||||
| CVE-2019-4612 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523. | |||||
| CVE-2019-4292 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server. IBM X-Force ID: 160698. | |||||
| CVE-2019-4130 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 158280. | |||||
| CVE-2019-4069 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content. IBM X-Force ID: 157014. | |||||
| CVE-2019-4056 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565. | |||||
| CVE-2019-4013 | 1 Ibm | 1 Bigfix Platform | 2024-11-21 | 9.0 HIGH | 9.0 CRITICAL |
| IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887. | |||||
| CVE-2019-3960 | 1 Wallaceit | 1 Wallacepos | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Unrestricted upload of file with dangerous type in WallacePOS 1.4.3 allows a remote, authenticated attacker to execute arbitrary code by uploading a malicious PHP file. | |||||