Total
3131 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14657 | 1 Yeahlink | 6 T49g, T49g Firmware, T58v and 3 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitrary code execution as root. | |||||
| CVE-2019-14656 | 1 Yeahlink | 6 T49g, T49g Firmware, T58v and 3 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via HTTP. | |||||
| CVE-2019-14467 | 1 Infoway | 1 Social Photo Gallery | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code Execution by creating an album and attaching a malicious PHP file in the cover photo album, because the file extension is not checked. | |||||
| CVE-2019-14451 | 1 Repetier-server | 1 Repetier-server | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart. | |||||
| CVE-2019-14252 | 1 Publisure | 1 Publisure | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in the secure portal in Publisure 2.1.2. Once successfully authenticated as an administrator, one is able to inject arbitrary PHP code by using the adminCons.php form. The code is then stored in the E:\PUBLISURE\webservice\webpages\AdminDir\Templates\ folder even if removed from the adminCons.php view (i.e., the rogue PHP file can be hidden). | |||||
| CVE-2019-13984 | 1 Rangerstudio | 1 Directus 7 Api | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Directus 7 API before 2.3.0 does not validate uploaded files. Regardless of the file extension or MIME type, there is a direct link to each uploaded file, accessible by unauthenticated users, as demonstrated by the EICAR Anti-Virus Test File. | |||||
| CVE-2019-13980 | 1 Rangerstudio | 1 Directus 7 Api | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx. | |||||
| CVE-2019-13979 | 1 Rangerstudio | 1 Directus 7 Api | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution. | |||||
| CVE-2019-13976 | 1 Egain | 1 Chat | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| eGain Chat 15.0.3 allows unrestricted file upload. | |||||
| CVE-2019-13973 | 1 Layerbb | 1 Layerbb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used. | |||||
| CVE-2019-13464 | 1 Modsecurity | 1 Owasp Modsecurity Core Rule Set | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid. | |||||
| CVE-2019-13359 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 8.5 HIGH | 7.5 HIGH |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user. | |||||
| CVE-2019-13294 | 1 Arox | 1 School-erp | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system. | |||||
| CVE-2019-13187 | 1 Symphonyextensions | 1 Rich Text Formatter | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Rich Text Formatter (Redactor) extension through v1.1.1 for Symphony CMS has an Unauthenticated arbitrary file upload vulnerability in content.fileupload.php and content.imageupload.php. | |||||
| CVE-2019-13082 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extracted, does not check files in a recursive way. This means that by putting a .php file in a folder and then this folder in a ZIP archive, the server will accept this file without any checks. Because one can access this file from the website, it is remote code execution. This is related to a scorm imsmanifest.xml file, the import_package function, and extraction in $courseSysDir.$newDir. | |||||
| CVE-2019-12971 | 1 G-u | 2 Bks Ebk Ethernet-buskoppler Pro, Bks Ebk Ethernet-buskoppler Pro Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| BKS EBK Ethernet-Buskoppler Pro before 3.01 allows Unrestricted Upload of a File with a Dangerous Type. | |||||
| CVE-2019-12803 | 1 Hunesion | 1 I-onenet | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code exection such as running a system command. | |||||
| CVE-2019-12744 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
| SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940. | |||||
| CVE-2019-12719 | 1 Auo | 1 Sunveillance Monitoring System \& Data Recorder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance Monitoring System before v1.1.9e. There is an incorrect access control vulnerability that can allow an unauthenticated user to upload files via a modified authority parameter. | |||||
| CVE-2019-12548 | 1 Bludit | 1 Bludit | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo. | |||||