Search
Total
736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22937 | 1 Pulsesecure | 1 Pulse Connect Secure | 2021-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface. | |||||
| CVE-2020-21976 | 1 Newsone Cms Project | 1 Newsone Cms | 2021-08-19 | 9.0 HIGH | 8.8 HIGH |
| An arbitrary file upload in the <input type="file" name="user_image"> component of NewsOne CMS v1.1.0 allows attackers to webshell and execute arbitrary commands. | |||||
| CVE-2021-38305 | 1 23andme | 1 Yamale | 2021-08-17 | 9.3 HIGH | 7.8 HIGH |
| 23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each line is run through Python's eval function to make the validator available. A well-constructed string within the schema rules can execute system commands; thus, by exploiting the vulnerability, an attacker can run arbitrary code on the image that invokes Yamale. | |||||
| CVE-2020-18462 | 1 Aikcms | 1 Aikcms | 2021-08-17 | 6.5 MEDIUM | 7.2 HIGH |
| File Upload vulnerabilty in AikCms v2.0.0 in poster_edit.php because the background file management office does not verify the uploaded file. | |||||
| CVE-2018-1265 | 2 Cloudfoundry, Pivotal Software | 2 Cf-deployment, Cloud Foundry Diego | 2021-08-17 | 6.5 MEDIUM | 7.2 HIGH |
| Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego Cell. | |||||
| CVE-2021-34639 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2021-08-12 | 6.5 MEDIUM | 8.8 HIGH |
| Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. "payload.php.png" which is executable in some configurations. This issue affects: WordPress Download Manager version 3.1.24 and prior versions. | |||||
| CVE-2020-19303 | 1 Houdunren | 1 Hdcms | 2021-08-11 | 6.8 MEDIUM | 7.8 HIGH |
| An arbitrary file upload vulnerability in /fileupload.php of hdcms 5.7 allows attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2021-32594 | 1 Fortinet | 1 Fortiportal | 2021-08-11 | 5.5 MEDIUM | 8.1 HIGH |
| An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to potentially tamper with the underlying system's files via the upload of specifically crafted files. | |||||
| CVE-2020-26806 | 1 Objectplanet | 1 Opinio | 2021-08-09 | 6.5 MEDIUM | 8.8 HIGH |
| admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code. | |||||
| CVE-2021-37444 | 1 Nchsoftware | 1 Ivm Attendant | 2021-07-30 | 6.5 MEDIUM | 8.8 HIGH |
| NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt Autodial function. | |||||
| CVE-2017-9650 | 2 Automatedlogic, Carrier | 3 I-vu, Sitescan Web, Automatedlogic Webctrl | 2021-07-27 | 4.6 MEDIUM | 7.8 HIGH |
| An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to upload a malicious file allowing the execution of arbitrary code. | |||||
| CVE-2020-25106 | 1 Supremocontrol | 1 Supremo | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename. | |||||
| CVE-2019-19141 | 1 Plex | 1 Media Server | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. This allows remote code execution via a variety of methods, such as (on a default Ubuntu installation) creating a .ssh folder in the plex user's home directory via directory traversal, uploading an SSH authorized_keys file there, and logging into the host as the Plex user via SSH. | |||||
| CVE-2020-5771 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2021-07-21 | 7.1 HIGH | 7.5 HIGH |
| Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious backup archive. | |||||
| CVE-2019-18188 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication. | |||||
| CVE-2019-11552 | 1 Code42 | 2 Code42 For Enterprise, Crashplan For Small Business | 2021-07-21 | 4.4 MEDIUM | 7.0 HIGH |
| Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user. | |||||
| CVE-2019-12169 | 1 Atutor | 1 Atutor | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component. | |||||
| CVE-2019-11378 | 1 Projectsend | 1 Projectsend | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code. | |||||
| CVE-2020-15667 | 1 Mozilla | 1 Firefox | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80. | |||||
| CVE-2019-14768 | 1 Dimo-crm | 1 Yellowbox Crm | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges. | |||||
| CVE-2020-1255 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'. | |||||
| CVE-2020-5772 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2021-07-21 | 7.1 HIGH | 7.5 HIGH |
| Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file. | |||||
| CVE-2020-11629 | 1 Primekey | 1 Ejbca | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certificates to the server. An attacker who has gained access to the CA UI could exploit this to upload malicious scripts to the server. (Risks associated with this issue alone are negligible unless a malicious user already has gained access to the CA UI through other means, as a trusted user is already trusted to upload scripts by virtue of having access to the validator.) | |||||
| CVE-2021-20104 | 1 Machform | 1 Machform | 2021-07-02 | 6.8 MEDIUM | 8.1 HIGH |
| Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php. | |||||
| CVE-2019-11074 | 1 Paessler | 1 Prtg Network Monitor | 2021-06-29 | 9.0 HIGH | 7.2 HIGH |
| A Write to Arbitrary Location in Disk vulnerability exists in PRTG Network Monitor 19.1.49 and below that allows attackers to place files in arbitrary locations with SYSTEM privileges (although not controlling the contents of such files) due to insufficient sanitisation when passing arguments to the phantomjs.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Full Web Page Sensor and set specific settings when executing the sensor. | |||||
| CVE-2021-28976 | 1 Get-simple | 1 Getsimplecms | 2021-06-28 | 6.5 MEDIUM | 7.2 HIGH |
| Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess. | |||||
| CVE-2019-12744 | 1 Seeddms | 1 Seeddms | 2021-06-25 | 6.0 MEDIUM | 7.5 HIGH |
| SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940. | |||||
| CVE-2021-32243 | 1 Fogproject | 1 Fogproject | 2021-06-23 | 6.5 MEDIUM | 8.8 HIGH |
| FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated). | |||||
| CVE-2021-27489 | 1 Zoll | 1 Defibrillator Dashboard | 2021-06-22 | 6.5 MEDIUM | 8.8 HIGH |
| ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands. | |||||
| CVE-2020-36388 | 1 Civicrm | 1 Civicrm | 2021-06-22 | 6.5 MEDIUM | 8.8 HIGH |
| In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive. | |||||
| CVE-2021-26828 | 1 Openplcproject | 1 Scadabr | 2021-06-21 | 6.5 MEDIUM | 8.8 HIGH |
| OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm. | |||||
| CVE-2021-32660 | 1 Linuxfoundation | 1 \@backstage\/techdocs-common | 2021-06-21 | 5.8 MEDIUM | 8.1 HIGH |
| Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In versions of `@backstage/tehdocs-common` prior to 0.6.4, a malicious internal actor is able to upload documentation content with malicious scripts. These scripts would normally be sanitized by the TechDocs frontend, but by tricking a user to visit the content via the TechDocs API, the content sanitazion will be bypassed. If the TechDocs API is hosted on the same origin as the Backstage app or other backend plugins, this may give access to sensitive data. The ability to upload malicious content may be limited by internal code review processes, unless the chosen TechDocs deployment method is to use an object store and the actor has access to upload files directly to that store. The vulnerability is patched in the `0.6.4` release of `@backstage/techdocs-common`. | |||||
| CVE-2021-32661 | 1 Linuxfoundation | 1 \@backstage\/plugin-techdocs | 2021-06-21 | 4.9 MEDIUM | 7.3 HIGH |
| Backstage is an open platform for building developer portals. In versions of Backstage's Techdocs Plugin (`@backstage/plugin-techdocs`) prior to 0.9.5, a malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an `object` element. This may give access to sensitive data when other users visit that same documentation page. The ability to upload malicious content may be limited by internal code review processes, unless the chosen TechDocs deployment method is to use an object store and the actor has access to upload files directly to that store. The vulnerability is patched in the `0.9.5` release of `@backstage/plugin-techdocs`. | |||||
| CVE-2021-34128 | 1 Laiketui | 1 Laiketui | 2021-06-21 | 6.5 MEDIUM | 8.8 HIGH |
| LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname. | |||||
| CVE-2021-3277 | 1 Nagios | 1 Nagios Xi | 2021-06-15 | 6.5 MEDIUM | 7.2 HIGH |
| Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files. | |||||
| CVE-2021-29092 | 1 Synology | 1 Photo Station | 2021-06-09 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2020-36141 | 1 Bloofox | 1 Bloofoxcms | 2021-06-09 | 6.5 MEDIUM | 8.8 HIGH |
| BloofoxCMS 0.5.2.1 allows Unrestricted File Upload vulnerability via bypass MIME Type validation by inserting 'image/jpeg' within the 'Content-Type' header. | |||||
| CVE-2020-26678 | 1 Vfairs | 1 Vfairs | 2021-06-01 | 6.5 MEDIUM | 8.8 HIGH |
| vFairs 3.3 is affected by Remote Code Execution. Any user logged in to a vFairs virtual conference or event can abuse the functionality to upload a profile picture in order to place a malicious PHP file on the server and gain code execution. | |||||
| CVE-2020-23765 | 1 Bludit | 1 Bludit | 2021-05-27 | 6.5 MEDIUM | 7.2 HIGH |
| A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the server. | |||||
| CVE-2021-32630 | 1 Admidio | 1 Admidio | 2021-05-27 | 6.5 MEDIUM | 8.8 HIGH |
| Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via the Documents & Files upload feature. Someone with upload permissions could rename the php shell with a .phar extension, visit the file, triggering the payload for a reverse/bind shell. This can be mitigated by excluding a .phar file extension to be uploaded (like you did with .php .phtml .php5 etc). The vulnerability is patched in version 4.0.4. | |||||
| CVE-2021-32622 | 1 Matrix-react-sdk Project | 1 Matrix-react-sdk | 2021-05-25 | 4.4 MEDIUM | 7.8 HIGH |
| Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the preview in a separate tab. This only impacts the local user while in the process of uploading. It cannot be exploited remotely or by other users. This vulnerability is patched in version 3.21.0. | |||||
| CVE-2018-12980 | 1 Wago | 8 762-3000, 762-3000 Firmware, 762-3001 and 5 more | 2021-05-20 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server. | |||||
| CVE-2021-24254 | 1 College Publisher Import Project | 1 College Publisher Import | 2021-05-14 | 6.5 MEDIUM | 7.2 HIGH |
| The College publisher Import WordPress plugin through 0.1 does not check for the uploaded CSV file to import, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. Due to the lack of CSRF check, the issue could also be exploited via a CSRF attack. | |||||
| CVE-2021-24253 | 1 Classyfrieds Project | 1 Classyfrieds | 2021-05-14 | 6.5 MEDIUM | 8.8 HIGH |
| The Classyfrieds WordPress plugin through 3.8 does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authenticated user to upload arbitrary PHP files via the Add Listing feature of the plugin, leading to RCE. | |||||
| CVE-2021-24252 | 1 Wp-eventmanager | 1 Event Banner | 2021-05-14 | 6.5 MEDIUM | 7.2 HIGH |
| The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due to the lack of CSRF check, the issue can also be used via such vector to achieve the same result, or via a LFI as authorisation checks are missing (but would require WP to be loaded) | |||||
| CVE-2021-32094 | 1 Nsa | 1 Emissary | 2021-05-12 | 6.5 MEDIUM | 8.8 HIGH |
| U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to upload arbitrary files. | |||||
| CVE-2021-24224 | 1 Easy-form-builder-by-bitware Project | 1 Easy-form-builder-by-bitware | 2021-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE. | |||||
| CVE-2021-20022 | 1 Sonicwall | 2 Email Security, Hosted Email Security | 2021-04-14 | 6.5 MEDIUM | 7.2 HIGH |
| SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. | |||||
| CVE-2021-29641 | 1 Rangerstudio | 1 Directus | 2021-04-13 | 6.5 MEDIUM | 8.8 HIGH |
| Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain installations with the Apache HTTP Server and the local-storage driver (e.g., when the product was obtained from hub.docker.com). | |||||
| CVE-2021-24160 | 1 Expresstech | 1 Responsive Menu | 2021-04-08 | 6.5 MEDIUM | 8.8 HIGH |
| In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These files could then be accessed via the front end of the site to trigger remote code execution and ultimately allow an attacker to execute commands to further infect a WordPress site. | |||||