Total
3059 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-0971 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0974. | |||||
| CVE-2020-0932 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0971, CVE-2020-0974. | |||||
| CVE-2020-0931 | 1 Microsoft | 4 Business Productivity Servers, Sharepoint Enterprise Server, Sharepoint Foundation and 1 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974. | |||||
| CVE-2020-0929 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974. | |||||
| CVE-2020-0920 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974. | |||||
| CVE-2019-9951 | 1 Western Digital | 15 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 12 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage. | |||||
| CVE-2019-9842 | 1 Miniblog Project | 1 Miniblog | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in app_code/handlers/PostHandler.cs writes a decoded base64 string to a file without validating the extension. | |||||
| CVE-2019-9825 | 1 Feifeicms | 1 Feifeicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php to the default jpg,gif,png,jpeg setting, and then using the "add article" feature. | |||||
| CVE-2019-9692 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG). | |||||
| CVE-2019-9642 | 1 Pydio | 1 Pydio | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an unauthenticated request, it possible to evaluate malicious PHP code by placing it on the fourth line of a .php file, as demonstrated by a PoC.php created by the guest account, with execution via a proxy.php?hash=../../../../../var/lib/pydio/data/personal/guest/PoC.php request. This is related to plugins/action.share/src/Store/ShareStore.php. | |||||
| CVE-2019-9623 | 1 Fengoffice | 1 Feng Office | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "<!--#exec cmd=" in a .shtml file to ck_upload_handler.php. | |||||
| CVE-2019-9617 | 1 Ofcms Project | 1 Ofcms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadFile URI. | |||||
| CVE-2019-9613 | 1 Ofcms Project | 1 Ofcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadVideo URI. | |||||
| CVE-2019-9612 | 1 Ofcms Project | 1 Ofcms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/upload URI. | |||||
| CVE-2019-9609 | 1 Ofcms Project | 1 Ofcms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/editUploadImage URI. | |||||
| CVE-2019-9608 | 1 Ofcms Project | 1 Ofcms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadImage URI. | |||||
| CVE-2019-9581 | 1 Twinkletoessoftware | 1 Booked | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension. | |||||
| CVE-2019-9572 | 1 Schoolcms | 1 Schoolcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin&c=theme&a=upload by using the .zip extension along with the _Static substring, changing the Content-Type to application/zip, and placing PHP code after the ZIP header. This ultimately allows execution of arbitrary PHP code in Public\Home\1_Static.php because of mishandling in the Application\Admin\Controller\ThemeController.class.php Upload() function. | |||||
| CVE-2019-9189 | 1 Primasystems | 1 Flexair | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker to gain full system access. | |||||
| CVE-2019-9185 | 1 Boltcms | 1 Bolt | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension. | |||||