Total
3971 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-42171 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 7.2 High |
| Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth. | ||||
| CVE-2021-42133 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 8.1 High |
| An exposed dangerous function vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write. | ||||
| CVE-2021-42125 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 8.8 High |
| An unrestricted file upload vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files. | ||||
| CVE-2021-42123 | 1 Businessdnasolutions | 1 Topease | 2024-11-21 | 7.3 High |
| Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 in the File Upload Functions allows an authenticated remote attacker with Upload privileges to upload files with any file type, enabling client-side attacks. | ||||
| CVE-2021-42099 | 1 Zohocorp | 1 Manageengine M365 Manager Plus | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. | ||||
| CVE-2021-41938 | 1 Shopxo | 1 Shopxo | 2024-11-21 | 7.2 High |
| An issue was discovered in ShopXO CMS 2.2.0. After entering the management page, there is an arbitrary file upload vulnerability in three locations. | ||||
| CVE-2021-41921 | 1 Xxyopen | 1 Novel-plus | 2024-11-21 | 9.8 Critical |
| novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution. | ||||
| CVE-2021-41919 | 1 Webtareas Project | 1 Webtareas | 2024-11-21 | 8.8 High |
| webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. This works by adding or replacing a personal profile picture. The affected endpoint is /includes/upload.php on the HTTP POST data. This allows an attacker to exploit the platform by injecting code or malware and, under certain conditions, to execute code on remote user browsers. | ||||
| CVE-2021-41870 | 1 Socomec | 2 Remote View Pro, Remote View Pro Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered in the firmware update form in Socomec REMOTE VIEW PRO 2.0.41.4. An authenticated attacker can bypass a client-side file-type check and upload arbitrary .php files. | ||||
| CVE-2021-41833 | 1 Zohocorp | 1 Manageengine Patch Connect Plus | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution. | ||||
| CVE-2021-41745 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 9.8 Critical |
| ShowDoc 2.8.3 has a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions. | ||||
| CVE-2021-41675 | 1 E-negosyo System Project | 1 E-negosyo System | 2024-11-21 | 7.2 High |
| A Remote Code Execution (RCE) vulnerability exists in Sourcecodester E-Negosyo System 1.0 in /admin/produts/controller.php via the doInsert function, which validates images with getImageSizei. | ||||
| CVE-2021-41646 | 1 Online Reviewer System Project | 1 Online Reviewer System | 2024-11-21 | 9.8 Critical |
| Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters. | ||||
| CVE-2021-41645 | 1 Oretnom23 | 1 Budget And Expense Tracker System | 2024-11-21 | 8.8 High |
| Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. | ||||
| CVE-2021-41644 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2024-11-21 | 9.8 Critical |
| Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters. | ||||
| CVE-2021-41643 | 1 Church Management System Project | 1 Church Management System | 2024-11-21 | 9.8 Critical |
| Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field. | ||||
| CVE-2021-41566 | 1 Tadtools Project | 1 Tadtools | 2024-11-21 | 9.8 Critical |
| The TadTools file upload function fails to filter file extensions, so remote attackers can upload any type of file and execute arbitrary code without logging in. | ||||
| CVE-2021-41560 | 1 Opencats | 1 Opencats | 2024-11-21 | 9.8 Critical |
| OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php. | ||||
| CVE-2021-41550 | 1 Leostream | 1 Connection Broker | 2024-11-21 | 7.2 High |
| Leostream Connection Broker 9.0.40.17 allows an administrator to upload and execute Perl code. | ||||
| CVE-2021-41421 | 1 Maianmedia | 1 Maianaffiliate | 2024-11-21 | 4.8 Medium |
| A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to gain RCE through the MaianAffiliate admin panel. | ||||