Lucene search
+L

109 matches found

CNNVD
CNNVD
added 2020/12/15 12:0 a.m.6 views

Weseek GROWI 路径遍历漏洞

GROWI is a team collaboration software. A directory traversal vulnerability exists in WESEEK GROWI, which can be exploited by remote attackers to alter data by uploading specially crafted files...

7.5CVSS6.6AI score0.02982EPSS
Exploits0References5
CNVD
CNVD
added 2020/06/04 12:0 a.m.2 views

Cisco IOS XE Command Injection Vulnerability (CNVD-2020-31962)

Cisco IOS XE is the United States Cisco Cisco company's set of operating system developed for its network equipment. A command injection vulnerability exists in the Web UI of the Cisco IOS XE Software, which arises from the program not properly cleaning up input. The vulnerability can be exploite...

9CVSS7.9AI score0.02584EPSS
Exploits0References1
OSV
OSV
added 2020/06/03 6:15 p.m.2 views

CVE-2020-3212

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An attacker could exploit this...

7.2CVSS6.1AI score0.02584EPSS
Exploits0References1
OSV
OSV
added 2020/05/06 5:15 p.m.8 views

CVE-2020-3302

A vulnerability in the web UI of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to overwrite files on the file system of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...

8.1CVSS6.8AI score0.01748EPSS
Exploits0References1
OSV
OSV
added 2019/11/12 7:15 p.m.2 views

CVE-2019-1443

An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes.The...

6.5CVSS6.6AI score0.0537EPSS
Exploits0References1
Prion
Prion
added 2019/07/10 8:15 p.m.14 views

Design/Logic Flaw

In Hunesion i-oneNet version 3.0.7 3.0.53 and 4.0.4 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft malicious file and use it as an update...

4.3CVSS5.5AI score0.00398EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2019/03/07 5:29 a.m.15 views

CVE-2019-9624

Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI...

7.8CVSS8AI score
Exploits0References3
UbuntuCve
UbuntuCve
added 2018/12/14 8:29 p.m.23 views

CVE-2018-20149

In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data...

5.4CVSS6.8AI score0.03443EPSS
Exploits0References3
Cvelist
Cvelist
added 2015/07/08 3:0 p.m.23 views

CVE-2015-5457

PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php...

7.7AI score0.04681EPSS
Exploits1References6
Rows per page
Query Builder