Lucene search
K

49 matches found

OSV
OSV
added 2020/12/23 3:15 a.m.5 views

CVE-2020-35657

Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of UploadTheme to upload a theme ZIP archive containing a .php file that is able to execute OS commands. NOTE: this is unrelated to the JAWS aka Job Access With Speech product...

7.2CVSS7.3AI score0.02403EPSS
Exploits1References2
CNVD
CNVD
added 2020/05/12 12:0 a.m.7 views

Pi-hole code issue vulnerability

Pi-hole is a web-grade ad-blocking application from Pi-hole.Gravity updater is an auto-updating plugin used in it. A code issue vulnerability exists in gravityDownloadBlocklistFromUrl in Gravity updater in Pi-hole 4.4 and prior versions. An attacker can exploit this vulnerability to write a PHP...

9CVSS7AI score0.78262EPSS
Exploits17References1
Cvelist
Cvelist
added 2019/02/19 2:0 a.m.23 views

CVE-2019-8933

In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory without being blocked by the Web Application Firewall, and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on...

8.8AI score0.03433EPSS
Exploits1References1
NVD
NVD
added 2018/08/10 4:29 p.m.17 views

CVE-2018-14028

In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then...

7.2CVSS7.1AI score0.17722EPSS
Exploits0References4
Cvelist
Cvelist
added 2018/08/10 4:0 p.m.26 views

CVE-2018-14028

In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then...

7.7AI score0.17722EPSS
Exploits0References4
Cvelist
Cvelist
added 2017/09/04 8:0 p.m.18 views

CVE-2017-14123

Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demonstrated by...

8.8AI score0.06055EPSS
Exploits1References2
exploitpack
exploitpack
added 2012/06/05 12:0 a.m.8 views

WordPress Plugin WP-Property 1.35.0 - Arbitrary File Upload

WordPress Plugin WP-Property 1.35.0 - Arbitrary File Upload Description : Wordpress Plugins - WP-Property - WordPress Powered Real Estate and Property Management Shell Upload Vulnerability Version : 1.35.0 Link : http://wordpress.org/extend/plugins/wp-property/ Plugins :...

0.8AI score
Exploits0
NVD
NVD
added 2004/12/31 5:0 a.m.18 views

CVE-2004-2255

Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename...

6.4CVSS6.9AI score0.01983EPSS
Exploits0References7
Exploit DB
Exploit DB
added 2003/01/06 12:0 a.m.26 views

S8Forum 3.0 - Remote Command Execution

source: https://www.securityfocus.com/bid/6547/info S8Forum is prone to a remote command execution vulnerability. When a user registers with the forum, a file is created locally with the specified username. The contents of this file will be the data entered by the user. As a result, a malicious...

7.4AI score
Exploits0
Rows per page
Query Builder