• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-434

CVE-2019-7816

February 26, 2023 by

ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

CVE-2019-7669

February 26, 2023 by

Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated attacker to upload and execute malicious applications within the application’s web root with root privileges.

CVE-2019-7684

February 26, 2023 by

inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file. The vulnerable code location is com.inxedu.os.common.controller.VideoUploadController#gok4 (com/inxedu/os/common/controller/VideoUploadController.java). The attacker uses the /video/uploadvideo fileType parameter to change the list of acceptable extensions from jpg,gif,png,jpeg to jpg,gif,png,jsp,jpeg.

CVE-2019-7721

February 26, 2023 by

lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters.

CVE-2019-7257

February 26, 2023 by

Linear eMerge E3-Series devices allow Unrestricted File Upload.

CVE-2019-7268

February 26, 2023 by

Linear eMerge 50P/5000P devices allow Unauthenticated File Upload.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 77
  • Go to page 78
  • Go to page 79
  • Go to page 80
  • Go to page 81
  • Interim pages omitted …
  • Go to page 224
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE