Total: 1580 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2021-44031 | 1 Quest | 1 Kace Desktop Authority | 2021-12-28 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/{GUID}/(unknown). |
CVE-2021-44164 | 1 Chinasea | 1 Qb Smart Service Robot | 2021-12-27 | 7.5 HIGH | 9.8 CRITICAL | Chain Sea AI chatbot system's file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to bypass file type validation, upload a malicious script and execute arbitrary code without authentication, in order to take control of the system or terminate service. |
CVE-2021-24981 | 1 Wpwax | 1 Directorist | 2021-12-27 | 5.1 MEDIUM | 7.5 HIGH | The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory. |
CVE-2021-42362 | 1 Wordpress Popular Posts Project | 1 Wordpress Popular Posts | 2021-12-21 | 6.5 MEDIUM | 8.8 HIGH | The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file, which makes it possible for attackers with contributor-level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2. |
CVE-2018-15573 | 1 Reprisesoftware | 1 Reprise License Manager | 2021-12-21 | 9.3 HIGH | 8.8 HIGH | ** DISPUTED ** An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf parameter. By default, the web interface is on port 5054, and does not require authentication. NOTE: the vendor has stated "We do not consider this a vulnerability." |
CVE-2021-41560 | 1 Opencats | 1 Opencats | 2021-12-17 | 10.0 HIGH | 9.8 CRITICAL | OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php. |
CVE-2021-43829 | 1 Patrowl | 1 Patrowlmanager | 2021-12-17 | 6.5 MEDIUM | 8.8 HIGH | PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.7.7, PatrowlManager does not restrict the files uploaded via the findings import feature. This vulnerability allows uploading dangerous types of file to the server, leading to XSS attacks and potentially other forms of code injection. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds for this issue. |
CVE-2021-43117 | 1 Fastadmin | 1 Fastadmin | 2021-12-17 | 10.0 HIGH | 9.8 CRITICAL | fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access. |
CVE-2021-41870 | 1 Socomec | 2 Remote View Pro, Remote View Pro Firmware | 2021-12-16 | 6.5 MEDIUM | 8.8 HIGH | An issue was discovered in the firmware update form in Socomec REMOTE VIEW PRO 2.0.41.4. An authenticated attacker can bypass a client-side file-type check and upload arbitrary .php files. |
CVE-2021-41646 | 1 Online Reviewer System Project | 1 Online Reviewer System | 2021-12-16 | 7.5 HIGH | 9.8 CRITICAL | A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters. |
CVE-2021-40883 | 1 Emlog | 1 Emlog | 2021-12-15 | 7.5 HIGH | 9.8 CRITICAL | A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins. |
CVE-2021-40870 | 1 Aviatrix | 1 Controller | 2021-12-14 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. |
CVE-2021-27984 | 1 Pluck-cms | 1 Pluck | 2021-12-14 | 7.5 HIGH | 8.1 HIGH | In the Pluck-4.7.15 admin background, a remote command execution vulnerability exists when uploading files. |
CVE-2021-36719 | 1 Cybonet | 1 Mail Secure | 2021-12-13 | 9.0 HIGH | 8.8 HIGH | PineApp Mail Secure: the attacker must be logged in to the PineApp system as a user. The attacker exploits the vulnerable nicUpload.php file to upload a malicious file, thus taking over the server and running remote code. |
CVE-2021-24248 | 1 Strategy11 | 1 Business Directory Plugin - Easy Listing Directories | 2021-12-08 | 6.5 MEDIUM | 7.2 HIGH | The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check imported files, forbidding certain extensions via a blacklist approach, which allows an administrator to import an archive with, for example, a .php4 file inside, leading to RCE. |
CVE-2021-42125 | 1 Ivanti | 1 Avalanche | 2021-12-08 | 6.5 MEDIUM | 8.8 HIGH | An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to write dangerous files. |
CVE-2021-23562 | 1 Tiny | 1 Plupload | 2021-12-06 | 6.8 MEDIUM | 8.8 HIGH | This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user into uploading this kind of file. |
CVE-2021-42099 | 1 Zohocorp | 1 Manageengine M365 Manager Plus | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL | Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. |
CVE-2020-29176 | 1 Zblogcn | 1 Z-blogphp | 2021-12-06 | 6.8 MEDIUM | 7.8 HIGH | An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG file. |
CVE-2021-24155 | 1 Backup-guard | 1 Backup Guard | 2021-12-03 | 6.5 MEDIUM | 7.2 HIGH | The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that imported files are of the SGBP format and extension, allowing high-privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE. |