Search
Total
1387 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25203 | 1 Victor Cms Project | 1 Victor Cms | 2021-07-29 | 7.5 HIGH | 9.8 CRITICAL |
| Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php. | |||||
| CVE-2017-9650 | 2 Automatedlogic, Carrier | 3 I-vu, Sitescan Web, Automatedlogic Webctrl | 2021-07-27 | 4.6 MEDIUM | 7.8 HIGH |
| An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to upload a malicious file allowing the execution of arbitrary code. | |||||
| CVE-2021-35963 | 1 Learningdigital | 1 Orca Hcm | 2021-07-27 | 10.0 HIGH | 9.8 CRITICAL |
| The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remote unauthenticated attackers to upload files containing malicious script to execute RCE attacks. | |||||
| CVE-2020-23574 | 1 Sysax | 1 Multi Server | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| When uploading a file in Sysax Multi Server 6.90, an authenticated user can modify the filename="" parameter in the uploadfile_name1.htm form to a length of 368 or more bytes. This will create a buffer overflow condition, causing the application to crash. | |||||
| CVE-2019-11378 | 1 Projectsend | 1 Projectsend | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code. | |||||
| CVE-2020-5772 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2021-07-21 | 7.1 HIGH | 7.5 HIGH |
| Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file. | |||||
| CVE-2020-5188 | 1 Dnnsoftware | 1 Dotnetnuke | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. | |||||
| CVE-2020-25106 | 1 Supremocontrol | 1 Supremo | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename. | |||||
| CVE-2019-9642 | 1 Pydio | 1 Pydio | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an unauthenticated request, it possible to evaluate malicious PHP code by placing it on the fourth line of a .php file, as demonstrated by a PoC.php created by the guest account, with execution via a proxy.php?hash=../../../../../var/lib/pydio/data/personal/guest/PoC.php request. This is related to plugins/action.share/src/Store/ShareStore.php. | |||||
| CVE-2019-12169 | 1 Atutor | 1 Atutor | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component. | |||||
| CVE-2019-15130 | 1 Humanica | 1 Humatrix 7 | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitment_online/personalData/act_personaltab.cfm multiple-part POST request with a predictable WRC01_USERID parameter. Moreover, the attacker can upload executable content (e.g., asp or aspx) for executing OS commands on the server. | |||||
| CVE-2019-11552 | 1 Code42 | 2 Code42 For Enterprise, Crashplan For Small Business | 2021-07-21 | 4.4 MEDIUM | 7.0 HIGH |
| Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user. | |||||
| CVE-2019-18188 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication. | |||||
| CVE-2019-19141 | 1 Plex | 1 Media Server | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. This allows remote code execution via a variety of methods, such as (on a default Ubuntu installation) creating a .ssh folder in the plex user's home directory via directory traversal, uploading an SSH authorized_keys file there, and logging into the host as the Plex user via SSH. | |||||
| CVE-2020-4918 | 1 Ibm | 1 Cloud Pak System | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
| IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392. | |||||
| CVE-2020-5771 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2021-07-21 | 7.1 HIGH | 7.5 HIGH |
| Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious backup archive. | |||||
| CVE-2019-14768 | 1 Dimo-crm | 1 Yellowbox Crm | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges. | |||||
| CVE-2020-15667 | 1 Mozilla | 1 Firefox | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80. | |||||
| CVE-2020-1255 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'. | |||||
| CVE-2020-11629 | 1 Primekey | 1 Ejbca | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certificates to the server. An attacker who has gained access to the CA UI could exploit this to upload malicious scripts to the server. (Risks associated with this issue alone are negligible unless a malicious user already has gained access to the CA UI through other means, as a trusted user is already trusted to upload scripts by virtue of having access to the validator.) | |||||
| CVE-2018-12426 | 1 3cx | 1 Live Chat | 2021-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type. | |||||
| CVE-2021-32538 | 1 Artware Cms Project | 1 Artware Cms | 2021-07-10 | 7.5 HIGH | 9.8 CRITICAL |
| ARTWARE CMS parameter of image upload function does not filter the type of upload files which allows remote attackers can upload arbitrary files without logging in, and further execute code unrestrictedly. | |||||
| CVE-2020-22249 | 1 Phplist | 1 Phplist | 2021-07-08 | 7.5 HIGH | 9.8 CRITICAL |
| Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the remote code execution | |||||
| CVE-2016-10258 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2021-07-08 | 6.0 MEDIUM | 6.8 MEDIUM |
| Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code. | |||||
| CVE-2021-20104 | 1 Machform | 1 Machform | 2021-07-02 | 6.8 MEDIUM | 8.1 HIGH |
| Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php. | |||||
| CVE-2021-34074 | 1 Pandorafms | 1 Pandora Fms | 2021-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests. | |||||
| CVE-2020-21786 | 1 Ibos | 1 Ibos | 2021-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /system/modules/dashboard/controllers/CronController.php. | |||||
| CVE-2020-21787 | 1 Crmeb | 1 Crmeb | 2021-06-30 | 10.0 HIGH | 9.8 CRITICAL |
| CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php. | |||||
| CVE-2019-11074 | 1 Paessler | 1 Prtg Network Monitor | 2021-06-29 | 9.0 HIGH | 7.2 HIGH |
| A Write to Arbitrary Location in Disk vulnerability exists in PRTG Network Monitor 19.1.49 and below that allows attackers to place files in arbitrary locations with SYSTEM privileges (although not controlling the contents of such files) due to insufficient sanitisation when passing arguments to the phantomjs.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Full Web Page Sensor and set specific settings when executing the sensor. | |||||
| CVE-2021-28976 | 1 Get-simple | 1 Getsimplecms | 2021-06-28 | 6.5 MEDIUM | 7.2 HIGH |
| Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess. | |||||
| CVE-2019-12744 | 1 Seeddms | 1 Seeddms | 2021-06-25 | 6.0 MEDIUM | 7.5 HIGH |
| SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940. | |||||
| CVE-2010-1433 | 1 Joomla | 1 Joomla\! | 2021-06-25 | 7.5 HIGH | 9.8 CRITICAL |
| Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | |||||
| CVE-2020-19510 | 2 Microsoft, Textpattern | 2 Windows, Textpattern | 2021-06-24 | 7.5 HIGH | 9.8 CRITICAL |
| Textpattern 4.7.3 contains an aribtrary file load via the file_insert function in include/txp_file.php. | |||||
| CVE-2020-28871 | 1 Monitorr Project | 1 Monitorr | 2021-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload. | |||||
| CVE-2021-32243 | 1 Fogproject | 1 Fogproject | 2021-06-23 | 6.5 MEDIUM | 8.8 HIGH |
| FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated). | |||||
| CVE-2013-20002 | 1 Themify | 1 Framework | 2021-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file. | |||||
| CVE-2021-27489 | 1 Zoll | 1 Defibrillator Dashboard | 2021-06-22 | 6.5 MEDIUM | 8.8 HIGH |
| ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands. | |||||
| CVE-2020-36388 | 1 Civicrm | 1 Civicrm | 2021-06-22 | 6.5 MEDIUM | 8.8 HIGH |
| In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive. | |||||
| CVE-2020-7864 | 1 Dext5 | 1 Dext5 Editor | 2021-06-22 | 7.5 HIGH | 9.8 CRITICAL |
| Parameter manipulation can bypass authentication to cause file upload and execution. This will execute the remote code. This issue affects: Raonwiz DEXT5Editor versions prior to 3.5.1405747.1100.03. | |||||
| CVE-2021-23394 | 1 Std42 | 1 Elfinder | 2021-06-22 | 6.8 MEDIUM | 9.8 CRITICAL |
| The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP. | |||||
| CVE-2021-26828 | 1 Openplcproject | 1 Scadabr | 2021-06-21 | 6.5 MEDIUM | 8.8 HIGH |
| OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm. | |||||
| CVE-2021-32660 | 1 Linuxfoundation | 1 \@backstage\/techdocs-common | 2021-06-21 | 5.8 MEDIUM | 8.1 HIGH |
| Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In versions of `@backstage/tehdocs-common` prior to 0.6.4, a malicious internal actor is able to upload documentation content with malicious scripts. These scripts would normally be sanitized by the TechDocs frontend, but by tricking a user to visit the content via the TechDocs API, the content sanitazion will be bypassed. If the TechDocs API is hosted on the same origin as the Backstage app or other backend plugins, this may give access to sensitive data. The ability to upload malicious content may be limited by internal code review processes, unless the chosen TechDocs deployment method is to use an object store and the actor has access to upload files directly to that store. The vulnerability is patched in the `0.6.4` release of `@backstage/techdocs-common`. | |||||
| CVE-2021-32661 | 1 Linuxfoundation | 1 \@backstage\/plugin-techdocs | 2021-06-21 | 4.9 MEDIUM | 7.3 HIGH |
| Backstage is an open platform for building developer portals. In versions of Backstage's Techdocs Plugin (`@backstage/plugin-techdocs`) prior to 0.9.5, a malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an `object` element. This may give access to sensitive data when other users visit that same documentation page. The ability to upload malicious content may be limited by internal code review processes, unless the chosen TechDocs deployment method is to use an object store and the actor has access to upload files directly to that store. The vulnerability is patched in the `0.9.5` release of `@backstage/plugin-techdocs`. | |||||
| CVE-2021-34128 | 1 Laiketui | 1 Laiketui | 2021-06-21 | 6.5 MEDIUM | 8.8 HIGH |
| LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname. | |||||
| CVE-2020-35760 | 1 Bloofox | 1 Bloofoxcms | 2021-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicious files (ex: php files). | |||||
| CVE-2021-3277 | 1 Nagios | 1 Nagios Xi | 2021-06-15 | 6.5 MEDIUM | 7.2 HIGH |
| Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files. | |||||
| CVE-2020-35442 | 1 Fangfa | 1 Fdcms | 2021-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| FDCMS (also known as Fangfa Content Management System) 4.0 allows remote attackers to get a webshell in the background via Front/lib/Action/FindexAction.class.php. | |||||
| CVE-2020-21005 | 1 Wellcms | 1 Wellcms | 2021-06-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and upload a picture. Because the upload file type is controllable, the user can modify the upload file type to get webshell. | |||||
| CVE-2021-31703 | 1 Frontiersoftware | 1 Ichris | 2021-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Frontier ichris through 5.18 allows users to upload malicious executable files that might later be downloaded and run by any client user. | |||||
| CVE-2021-29092 | 1 Synology | 1 Photo Station | 2021-06-09 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||