Total
1580 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25206 | 1 Responsive Ordering System Project | 1 Responsive Ordering System | 2021-09-13 | 7.5 HIGH | 9.8 CRITICAL |
| Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary code via the file upload to Product_model.php. | |||||
| CVE-2021-25207 | 1 E-commerce Website Project | 1 E-commerce Website | 2021-09-13 | 7.5 HIGH | 9.8 CRITICAL |
| Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary code via the file upload to prodViewUpdate.php. | |||||
| CVE-2021-25208 | 1 Travel Management System Project | 1 Travel Management System | 2021-09-13 | 7.5 HIGH | 9.8 CRITICAL |
| Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the file upload to updatepackage.php. | |||||
| CVE-2021-25211 | 1 Online Ordering System Project | 1 Online Ordering System | 2021-09-13 | 7.5 HIGH | 9.8 CRITICAL |
| Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to execute arbitrary code, via the file upload to ordering\admin\products\edit.php. | |||||
| CVE-2019-20451 | 1 Samsung | 2 Prismview Player 11, Prismview System 9 | 2021-09-09 | 10.0 HIGH | 9.8 CRITICAL |
| The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. (Authentication is required but an XML file containing credentials can be downloaded.) | |||||
| CVE-2020-23790 | 1 Uxper | 1 Golo | 2021-09-09 | 7.5 HIGH | 9.8 CRITICAL |
| An Arbitrary File Upload vulnerability was discovered in the Golo Laravel theme v 1.1.5. | |||||
| CVE-2021-36040 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2021-09-08 | 6.5 MEDIUM | 7.2 HIGH |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to bypass file extension restrictions and could lead to remote code execution. | |||||
| CVE-2021-36042 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2021-09-08 | 6.5 MEDIUM | 7.2 HIGH |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the API File Option Upload Extension. An attacker with Admin privileges can achieve unrestricted file upload which can result in remote code execution. | |||||
| CVE-2021-32955 | 1 Deltaww | 1 Diaenergie | 2021-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code. | |||||
| CVE-2015-9471 | 1 Digitalzoomstudio | 1 Zoomsounds | 2021-09-02 | 7.5 HIGH | 9.8 CRITICAL |
| The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload. | |||||
| CVE-2021-40175 | 1 Zohocorp | 1 Manageengine Log360 | 2021-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution. | |||||
| CVE-2020-18114 | 1 Dedecms | 1 Dedecms | 2021-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format. | |||||
| CVE-2021-33884 | 1 Bbraun | 3 Infusomat Large Volume Pump 871305u, Spacecom2, Spacestation 8713142u | 2021-09-01 | 5.0 MEDIUM | 9.1 CRITICAL |
| An Unrestricted Upload of File with Dangerous Type vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows remote attackers to upload any files to the /tmp directory of the device through the webpage API. This can result in critical files being overwritten. | |||||
| CVE-2020-27461 | 1 Seopanel | 1 Seopanel | 2021-08-30 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability in SEOPanel 4.6.0 has been fixed for 4.7.0. This vulnerability allowed for remote code execution through an authenticated file upload via the Settings Panel>Import website function. | |||||
| CVE-2021-27618 | 1 Sap | 1 Netweaver Process Integration | 2021-08-27 | 4.0 MEDIUM | 4.9 MEDIUM |
| The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of service and impact the availability of the application. | |||||
| CVE-2021-38366 | 1 Sitecore | 1 Sitecore | 2021-08-25 | 6.8 MEDIUM | 8.8 HIGH |
| Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL. | |||||
| CVE-2020-18879 | 1 Bludit | 1 Bludit | 2021-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'. | |||||
| CVE-2020-18886 | 1 Phpmywind | 1 Phpmywind | 2021-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'. | |||||
| CVE-2021-22937 | 1 Pulsesecure | 1 Pulse Connect Secure | 2021-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface. | |||||
| CVE-2020-18704 | 1 Fusionbox | 1 Widgy | 2021-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 allows remote attackers to execute arbitrary code via the 'image' widget in the component 'Change Widgy Page'. | |||||