
163 matches found

NVD
added 2019/03/06 10:29 p.m., 13 views

CVE-2019-9617

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadFile URI...

CVSS: 8.8, AI score: 9, EPSS: 0.02749
Exploits: 1, References: 1
Prion
added 2019/03/06 10:29 p.m., 11 views

Code injection

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadFile URI...

CVSS: 6.5, AI score: 9, EPSS: 0.02749
Exploits: 1, References: 1, Affected Software: 1
OSV
added 2019/03/06 10:29 p.m., 4 views

CVE-2019-9612

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/comn/service/upload URI...

CVSS: 8.8, AI score: 6.1, EPSS: 0.02695
Exploits: 1, References: 1
Cvelist
added 2019/03/06 10:0 p.m., 16 views

CVE-2019-9611

An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?res_path=res directory traversal, with ../ in the dir parameter, to write arbitrary content in the file_content parameter into an arbitrary file specified by the file_name parameter. This is related to the...

AI score: 6.5, EPSS: 0.01441
Exploits: 1, References: 1
CVE
added 2019/03/06 10:0 p.m., 45 views

CVE-2019-9614

CVE-2019-9614 affects OFCMS prior to 1.1.3. A command injection vulnerability exists in a template file that uses ${ ex('') }, enabling execution of arbitrary commands. Multiple connected sources corroborate this flaw and specify that the vulnerability arises from a Freemarker-based template mec...

CVSS: 8.8, AI score: 8.6, EPSS: 0.0257
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2019/03/06 10:0 p.m., 19 views

CVE-2019-9613

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadVideo URI...

AI score: 7.4, EPSS: 0.02708
Exploits: 1, References: 1
Cvelist
added 2019/03/06 10:0 p.m., 14 views

CVE-2019-9612

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/comn/service/upload URI...

AI score: 9, EPSS: 0.02695
Exploits: 1, References: 1
Cvelist
added 2019/03/06 10:0 p.m., 18 views

CVE-2019-9616

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadScrawl URI...

AI score: 7.4, EPSS: 0.02708
Exploits: 1, References: 1
Cvelist
added 2019/03/06 10:0 p.m., 17 views

CVE-2019-9609

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/comn/service/editUploadImage URI...

AI score: 9, EPSS: 0.02695
Exploits: 1, References: 1
Cvelist
added 2019/03/06 10:0 p.m., 16 views

CVE-2019-9610

An issue was discovered in OFCMS before 1.1.3. It has admin/cms/template/getTemplates.html?res_path=res&up_dir=../ directory traversal, related to the getTemplates function in TemplateController.java...

AI score: 4.7, EPSS: 0.01362
Exploits: 1, References: 1
Cvelist
added 2019/03/06 10:0 p.m., 21 views

CVE-2019-9615

An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java...

AI score: 7.2, EPSS: 0.01298
Exploits: 1, References: 1
Cvelist
added 2019/03/06 10:0 p.m., 18 views

CVE-2019-9608

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadImage URI...

AI score: 9, EPSS: 0.02695
Exploits: 1, References: 1
Cvelist
added 2019/03/06 10:0 p.m., 18 views

CVE-2019-9617

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadFile URI...

AI score: 9, EPSS: 0.02749
Exploits: 1, References: 1
Cvelist
added 2019/03/06 10:0 p.m., 14 views

CVE-2019-9614

An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a template file with ' $ ex"' followed by the command...

AI score: 8.8, EPSS: 0.0257
Exploits: 1, References: 1
CVE
added 2019/03/06 10:0 p.m., 47 views

CVE-2019-9608

CVE-2019-9608 affects OFCMS prior to 1.1.3. The vulnerability arises in the backend ueditor/uploadImage path where blocking of .jsp/.jspx files does not account for file.jsp::$DATA, enabling remote attackers to execute arbitrary code. Public references in CNVD, NVD and Red Hat records corroborate...

CVSS: 8.8, AI score: 8.9, EPSS: 0.02695
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2019/03/06 10:0 p.m., 47 views

CVE-2019-9611

CVE-2019-9611 affects OFCMS prior to 1.1.3. The issue enables a directory traversal via the admin/cms/template/getTemplates.html?res_path=res parameter, allowing ../ in dir to write arbitrary content (file_content) to an arbitrary file (file_name). Root cause: save function in TemplateController....

CVSS: 6.5, AI score: 6.5, EPSS: 0.01441
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2019/03/06 10:0 p.m., 47 views

CVE-2019-9609

CVE-2019-9609 affects OFCMS prior to 1.1.3. The issue arises because blocking of .jsp/.jspx files does not account for file.jsp::$DATA when targeting the admin/comn/service/editUploadImage URI, enabling remote attackers to execute arbitrary code. Product: OFCMS; version: before 1.1.3; component: ...

CVSS: 8.8, AI score: 8.9, EPSS: 0.02695
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2019/03/06 10:0 p.m., 45 views

CVE-2019-9617

CVE-2019-9617 affects OFCMS prior to 1.1.3. The issue is a remote code execution vector where blocking of *.jsp and *.jspx files does not consider file.jsp::$DATA in the admin/ueditor/uploadFile URI, enabling arbitrary code execution. The connected sources confirm the affected product/version and...

CVSS: 8.8, AI score: 8.9, EPSS: 0.02749
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2019/03/06 10:0 p.m., 45 views

CVE-2019-9613

CVE-2019-9613 affects OFCMS prior to 1.1.3. The issue arises in the backend ueditor/uploadVideo handling where blocking of .jsp and .jspx files fails to consider file.jsp::$DATA, enabling remote attackers to execute arbitrary code via the admin/ueditor/uploadVideo URI. Documents consistently desc...

CVSS: 7.2, AI score: 7.3, EPSS: 0.02708
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2019/03/06 10:0 p.m., 43 views

CVE-2019-9615

CVE-2019-9615 affects OFCMS prior to 1.1.3. The backend SQL injection is reachable via admin/system/generate/create?sql= and is attributed to SystemGenerateController.java. The vulnerability allows injection through the SQL parameter, enabling an attacker-controlled query that could impact data in...

CVSS: 7.2, AI score: 7.1, EPSS: 0.01298
Exploits: 1, References: 1, Affected Software: 1