
151 matches found

OSV
added 2020/05/28 1:15 p.m. | 3 views

CVE-2020-11950

VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x and before XXXXX-VVTK-0XXXXBeta2 allows an authenticated user to upload and execute a script with resultant execution of OS commands. For example, this affects IT9388-HT devices...

CVSS 8.8 | AI score 7.4 | EPSS 0.02685
Exploits: 0 | References: 1

OSV
added 2020/04/08 12:15 a.m. | 2 views

CVE-2020-11629

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certificates to the server. An attacker who has gained access to...

CVSS 7.2 | AI score 7.1 | EPSS 0.00581
Exploits: 0 | References: 1

OSV
added 2020/03/05 1:15 p.m. | 4 views

CVE-2020-9380

IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to execute OS commands by uploading a script...

CVSS 9.8 | AI score 7.4 | EPSS 0.03978
Exploits: 1 | References: 2

NVD
added 2020/03/05 1:15 p.m. | 13 views

CVE-2020-9380

IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to execute OS commands by uploading a script...

CVSS 9.8 | AI score 9.7 | EPSS 0.03978
Exploits: 1 | References: 2

CVE
added 2020/03/05 12:44 p.m. | 50 views

CVE-2020-9380

The CVE-2020-9380 entry concerns IPTV Smarters WEB TV PLAYER prior to 2020-02-22, where uploading a script enables an attacker to execute OS commands. The Red Hat entry and related advisories corroborate the issue description but do not provide product-specific version ranges or remediation steps...

CVSS 9.8 | AI score 9.6 | EPSS 0.03978
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2020/01/31 2:15 p.m. | 11 views

Remote code execution

controllers/pageapply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume...

CVSS 7.5 | AI score 9.7 | EPSS 0.02811
Exploits: 1 | References: 1 | Affected Software: 1

Packet Storm
added 2019/11/12 12:00 a.m. | 95 views

Prima Access Control 2.3.35 Script Upload Remote Code Execution

Prima Access Control 2.3.35 Authenticated Python Script Upload Root RCE CVE: CVE-2019-9189 Advisory: https://applied-risk.com/resources/ar-2019-007 Paper: https://applied-risk.com/resources/i-own-your-building-management-system Discovered by Gjoko 'LiquidWorm' Krstic --- POST /bin/sysfcgi.fx...

CVSS 9 | AI score 0.6 | EPSS 0.1163
Exploits: 7

CNVD
added 2019/08/12 12:00 a.m. | 2 views

Unspecified Vulnerability in Backdrop CMS

Backdrop CMS is an open source content management system (CMS). A security vulnerability exists in Backdrop CMS versions 1.12.x prior to 1.12.8 and 1.13.x prior to 1.13.3, which stems from the program's failure to adequately check uploaded archive files. An attacker can exploit the vulnerability to...

CVSS 9.8 | AI score 7 | EPSS 0.02601
Exploits: 0 | References: 1

OSV
added 2019/07/09 7:15 p.m. | 5 views

DEBIAN-CVE-2019-13464

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...

CVSS 7.5 | AI score 7.7 | EPSS 0.01466
Exploits: 1 | References: 1

OSV
added 2019/07/09 7:15 p.m. | 2 views

AZL-44598 CVE-2019-13464 affecting package mod_security_crs 3.0.0-11

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...

CVSS 7.5 | AI score 7.1 | EPSS 0.01466
Exploits: 1 | References: 1

Debian CVE
added 2019/07/09 6:07 p.m. | 21 views

CVE-2019-13464

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...

CVSS 7.5 | AI score 7.6 | EPSS 0.01466
Exploits: 1

CVE
added 2019/06/20 4:26 p.m. | 208 views

CVE-2019-12744

SeedDMS prior to 5.1.11 is affected by CVE-2019-12744 due to an unvalidated file upload of PHP scripts, enabling Remote Command Execution over the network. The root cause is the upload of PHP-backdoor-like content into documents, allowing execution of arbitrary commands on the server when the upl...

CVSS 7.5 | AI score 7.1 | EPSS 0.11696
Exploits: 9 | References: 4 | Affected Software: 1

CNVD
added 2019/06/10 12:00 a.m. | 1 view

Prima Systems FlexAir Script Upload Execution Vulnerability

Prima Systems FlexAir is an access control system from Prima Systems in Slovenia. A security vulnerability in Prima Systems FlexAir when configuring the main central controller allows remote attackers to exploit the vulnerability by submitting a special Python script request that can execute...

CVSS 9 | AI score 7.4 | EPSS 0.1163
Exploits: 7 | References: 1

CVE
added 2019/06/05 5:20 p.m. | 84 views

CVE-2019-9189

Summary of CVE-2019-9189 (FlexAir): Prima Systems FlexAir, versions 2.4.9api3 and earlier, allows uploading arbitrary Python scripts when configuring the main central controller. These scripts can be executed immediately with root privileges, enabling an authenticated attacker to gain full system...

CVSS 9 | AI score 8.7 | EPSS 0.1163
Exploits: 7 | References: 5 | Affected Software: 1

CNVD
added 2019/04/24 12:00 a.m. | 1 view

Arbitrary File Upload Vulnerability in Employment Information Network

Huimeng Software is committed to improving the information management level of enterprises or government organizations through professional products and services. The Employment Information Network has an arbitrary file upload vulnerability that can be exploited by an attacker to log in to the...

AI score 7.1
Exploits: 0

Cvelist
added 2018/10/05 5:00 a.m. | 21 views

CVE-2013-7465

Ice Cold Apps Servers Ultimate 6.0.212 does not require authentication for TELNET, SSH, or FTP, which allows remote attackers to execute arbitrary code by uploading PHP scripts...

AI score 10 | EPSS 0.03347
Exploits: 1 | References: 2

CNVD
added 2018/07/11 12:00 a.m. | 1 view

File upload vulnerability in XiaoCms Enterprise Website Edition (XiaoCms企业建站版)

Based on PHP+Mysql architecture, XiaoCms Enterprise Builder is a small, flexible, simple and easy-to-use lightweight cms. XiaoCms Enterprise Website Builder has a file upload vulnerability that can be exploited by attackers to upload malicious scripts to gain administrator privileges...

AI score 7.3
Exploits: 0

CNVD
added 2018/07/02 12:00 a.m. | 2 views

HongCMS Arbitrary Script File Upload Vulnerability

HongCMS is an open source lightweight content management system (CMS). HongCMS 3.0.0 suffers from an arbitrary script file upload vulnerability. An attacker can exploit this vulnerability by uploading arbitrary script files via admin/index.php/template/upload URI to execute PHP code...

CVSS 9 | AI score 7.4 | EPSS 0.02204
Exploits: 1 | References: 1

OSV
added 2018/06/29 5:29 p.m. | 1 view

CVE-2018-13021

An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI...

CVSS 7.2 | AI score 6.1 | EPSS 0.02204
Exploits: 1 | References: 1

Cvelist
added 2018/06/29 5:00 p.m. | 19 views

CVE-2018-13021

An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI...

AI score 7.3 | EPSS 0.02204
Exploits: 1 | References: 1