Total
1580 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41745 | 1 Showdoc | 1 Showdoc | 2021-10-26 | 7.5 HIGH | 9.8 CRITICAL |
| ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions. | |||||
| CVE-2021-38484 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2021-10-22 | 9.0 HIGH | 7.2 HIGH |
| InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an attacker, acting as an administrator, to upload malicious files. This could result in cross-site scripting, deletion of system files, and remote code execution. | |||||
| CVE-2021-3846 | 1 Firefly-iii | 1 Firefly Iii | 2021-10-21 | 6.5 MEDIUM | 8.8 HIGH |
| firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type | |||||
| CVE-2021-42342 | 1 Embedthis | 1 Goahead | 2021-10-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts. | |||||
| CVE-2021-20130 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2021-10-19 | 6.5 MEDIUM | 8.8 HIGH |
| ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface. | |||||
| CVE-2021-20131 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2021-10-19 | 6.5 MEDIUM | 8.8 HIGH |
| ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface. | |||||
| CVE-2021-20125 | 1 Draytek | 1 Vigorconnect | 2021-10-19 | 10.0 HIGH | 9.8 CRITICAL |
| An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with root privileges. | |||||
| CVE-2021-40189 | 1 Php-fusion | 1 Phpfusion | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
| PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes/{Theme Folder], where an attacker can access and execute arbitrary code. | |||||
| CVE-2021-40188 | 1 Php-fusion | 1 Phpfusion | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
| PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server. | |||||
| CVE-2017-12678 | 2 Debian, Taglib | 2 Debian Linux, Taglib | 2021-10-18 | 6.8 MEDIUM | 8.8 HIGH |
| In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. | |||||
| CVE-2021-41566 | 1 Tadtools Project | 1 Tadtools | 2021-10-15 | 7.5 HIGH | 9.8 CRITICAL |
| The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in. | |||||
| CVE-2021-37919 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2021-10-15 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||||
| CVE-2021-37918 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2021-10-15 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||||
| CVE-2021-37762 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2021-10-15 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution. | |||||
| CVE-2021-41919 | 1 Webtareas Project | 1 Webtareas | 2021-10-15 | 6.5 MEDIUM | 8.8 HIGH |
| webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. This is working by adding or replacing a personal profile picture. The affected endpoint is /includes/upload.php on the HTTP POST data. This allows an attacker to exploit the platform by injecting code or malware and, under certain conditions, to execute code on remote user browsers. | |||||
| CVE-2021-20584 | 1 Ibm | 1 Sterling B2b Integrator | 2021-10-15 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 199397. | |||||
| CVE-2021-37926 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2021-10-15 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||||
| CVE-2021-37921 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2021-10-15 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||||
| CVE-2021-37920 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2021-10-15 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||||
| CVE-2021-37924 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2021-10-15 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||||