• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-434

CVE-2019-20451

February 26, 2023 by

The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. (Authentication is required but an XML file containing credentials can be downloaded.)

CVE-2019-20385

February 26, 2023 by

The CSV upload feature in /supervisor/procesa_carga.php on Logaritmo Aware CallManager 2012 devices allows upload of .php files with a text/* content type. The PHP code can then be executed by visiting a /supervisor/csv/ URI.

CVE-2019-20183

February 26, 2023 by

uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension.

CVE-2019-20048

February 26, 2023 by

An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP file to achieve Remote Code Execution as SYSTEM.

CVE-2019-19925

February 26, 2023 by

zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.

CVE-2019-19745

February 26, 2023 by

Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 81
  • Go to page 82
  • Go to page 83
  • Go to page 84
  • Go to page 85
  • Interim pages omitted …
  • Go to page 224
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE