|
211781
|
8.8 |
HIGH
Network
|
ofcms_project
|
ofcms
|
An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a template file with '<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("' followed by the com…
|
CWE-74
Injection
|
CVE-2019-9614
|
2024-11-21 13:51 |
2019-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211782
|
7.2 |
HIGH
Network
|
ofcms_project
|
ofcms
|
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/uedito…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9613
|
2024-11-21 13:51 |
2019-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211783
|
8.8 |
HIGH
Network
|
ofcms_project
|
ofcms
|
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/s…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9612
|
2024-11-21 13:51 |
2019-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211784
|
6.5 |
MEDIUM
Network
|
ofcms_project
|
ofcms
|
An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?res_path=res directory traversal, with ../ in the dir parameter, to write arbitrary content (in the file_…
|
CWE-22
Path Traversal
|
CVE-2019-9611
|
2024-11-21 13:51 |
2019-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211785
|
4.3 |
MEDIUM
Network
|
ofcms_project
|
ofcms
|
An issue was discovered in OFCMS before 1.1.3. It has admin/cms/template/getTemplates.html?res_path=res&up_dir=../ directory traversal, related to the getTemplates function in TemplateController.java.
|
CWE-22
Path Traversal
|
CVE-2019-9610
|
2024-11-21 13:51 |
2019-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211786
|
8.8 |
HIGH
Network
|
ofcms_project
|
ofcms
|
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/s…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9609
|
2024-11-21 13:51 |
2019-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211787
|
8.8 |
HIGH
Network
|
ofcms_project
|
ofcms
|
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/uedito…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9608
|
2024-11-21 13:51 |
2019-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211788
|
5.3 |
MEDIUM
Network
|
medical_store_script_project
|
medical_store_script
|
PHP Scripts Mall Medical Store Script 3.0.3 allows Path Traversal by navigating to the parent directory of a jpg or png file.
|
CWE-22
Path Traversal
|
CVE-2019-9607
|
2024-11-21 13:51 |
2019-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211789
|
5.4 |
MEDIUM
Network
|
personal_video_collection_script_project
|
personal_video_collection_script
|
PHP Scripts Mall Personal Video Collection Script 4.0.4 has Stored XSS via the "Update profile" feature.
|
CWE-79
Cross-site Scripting
|
CVE-2019-9606
|
2024-11-21 13:51 |
2019-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211790
|
6.5 |
MEDIUM
Network
|
1234n
|
minicms
|
MiniCMS 1.10 allows mc-admin/post.php?state=publish&delete= CSRF to delete articles, a different vulnerability than CVE-2018-18891.
|
CWE-352
Origin Validation Error
|
CVE-2019-9603
|
2024-11-21 13:51 |
2019-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
