Total
2503 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-0974 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-08-04 | 8.8 High |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971. | ||||
CVE-2020-0971 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-08-04 | 8.8 High |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0974. | ||||
CVE-2020-0931 | 1 Microsoft | 4 Business Productivity Servers, Sharepoint Enterprise Server, Sharepoint Foundation and 1 more | 2024-08-04 | 8.8 High |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974. | ||||
CVE-2020-0920 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-08-04 | 8.8 High |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974. | ||||
CVE-2020-0929 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-08-04 | 8.8 High |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974. | ||||
CVE-2021-46386 | 1 Mingsoft | 1 Mcms | 2024-08-04 | 9.8 Critical |
File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload. | ||||
CVE-2021-46428 | 1 Simple Chatbot Application Project | 1 Simple Chatbot Application | 2024-08-04 | 9.8 Critical |
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 ( and previous versions via the bot_avatar parameter in SystemSettings.php. | ||||
CVE-2021-46360 | 1 Ocproducts | 1 Composr | 2024-08-04 | 8.8 High |
Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr. | ||||
CVE-2021-46367 | 1 Ritecms | 1 Ritecms | 2024-08-04 | 7.2 High |
RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htacess configuration to deny execution of .php files in media and files directory by default. | ||||
CVE-2021-46115 | 1 Jpress | 1 Jpress | 2024-08-04 | 7.2 High |
jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious code. | ||||
CVE-2021-46116 | 1 Jpress | 1 Jpress | 2024-08-04 | 7.2 High |
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code. | ||||
CVE-2021-46113 | 1 Kea-hotel-erp Project | 1 Kea-hotel-erp | 2024-08-04 | 8.8 High |
In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote code execution vulnerability can be exploited by uploading PHP files using the file upload vulnerability in this service. | ||||
CVE-2021-46097 | 1 Dolphinphp | 1 Dolphinphp | 2024-08-04 | 8.8 High |
Dolphinphp v1.5.0 contains a remote code execution vulnerability in /application/common.php#action_log | ||||
CVE-2021-46078 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2024-08-04 | 4.8 Medium |
An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to a Stored Cross-Site Scripting vulnerability. | ||||
CVE-2021-46079 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2024-08-04 | 7.2 High |
An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to Html Injection. | ||||
CVE-2021-46076 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2024-08-04 | 8.8 High |
Sourcecodester Vehicle Service Management System 1.0 is vulnerable to File upload. An attacker can upload a malicious php file in multiple endpoints it leading to Code Execution. | ||||
CVE-2021-46036 | 1 Mingsoft | 1 Mcms | 2024-08-04 | 9.8 Critical |
An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code. | ||||
CVE-2021-46013 | 1 Free School Management Software Project | 1 Free School Management Software | 2024-08-04 | 9.8 Critical |
An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. An attacker can leverage this vulnerability to enable remote code execution on the affected web server. Once a php webshell containing "<?php system($_GET["cmd"]); ?>" gets uploaded it is saved into /uploads/exam_question/ directory, and is accessible by all users. | ||||
CVE-2021-45835 | 1 Online Admission System Project | 1 Online Admissions System | 2024-08-04 | 9.8 Critical |
The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of dangerous types to the application through documents.php, which may be used to execute malicious code or lead to code execution. | ||||
CVE-2021-46033 | 1 Forestblog Project | 1 Forestblog | 2024-08-04 | 9.8 Critical |
In ForestBlog, as of 2021-12-28, File upload can bypass verification. |