Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3
CVE-2014-9580
- EPSS 3.8%
- Veröffentlicht 08.01.2015 19:59:00
- Zuletzt bearbeitet 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. NOTE: this issue was originally incorrectly mapped to CVE-2014-11...
7.5
CVE-2014-9567
- EPSS 82.89%
- Veröffentlicht 07.01.2015 18:59:02
- Zuletzt bearbeitet 12.04.2025 10:46:40
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to th...