Total: 2503 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-45865 | 1 Student Attendance Management System Project | 1 Student Attendance Management System | 2024-08-04 | 9.8 Critical |
A File Upload vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the file upload functionality. | ||||
CVE-2021-45982 | 1 Netscout | 1 Ngeniusone | 2024-08-04 | 8.8 High |
NetScout nGeniusONE 6.3.2 allows Arbitrary File Upload by a privileged user. | ||||
CVE-2021-45834 | 1 Opendocman | 1 Opendocman | 2024-08-04 | 9.8 Critical |
An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead to arbitrary code execution. | ||||
CVE-2021-45790 | 1 Metersphere | 1 Metersphere | 2024-08-04 | 9.8 Critical |
An arbitrary file upload vulnerability was found in Metersphere v1.15.4. Unauthenticated users can upload any file to an arbitrary directory, where attackers can write a cron job to execute commands. | ||||
CVE-2021-45808 | 1 Jpress | 1 Jpress | 2024-08-04 | 8.8 High |
jpress v4.2.0 allows users to register an account by default. With the account, a user can upload arbitrary files to the server. | ||||
CVE-2021-45411 | 1 Printable Staff Id Card Creator System Project | 1 Printable Staff Id Card Creator System | 2024-08-04 | 9.8 Critical |
In Sourcecodester Printable Staff ID Card Creator System 1.0, after compromising the database via SQLi, an attacker can log in and leverage an arbitrary file upload vulnerability to obtain remote code execution. | ||||
CVE-2021-45040 | 1 Spatie | 1 Laravel Media Library | 2024-08-04 | 9.8 Critical |
The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route. | ||||
CVE-2021-44967 | 1 Limesurvey | 1 Limesurvey | 2024-08-04 | 8.8 High |
A Remote Code Execution (RCE) vulnerability exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file. | ||||
CVE-2021-44651 | 1 Zohocorp | 2 Log360, Manageengine Cloud Security Plus | 2024-08-04 | 8.8 High |
Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175. | ||||
CVE-2021-44664 | 1 Xerte | 1 Xerte | 2024-08-04 | 8.8 High |
An Authenticated Remote Code Execution (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php by uploading a maliciously crafted PHP file through the project interface disguised as a language file to bypass the upload filters. Attackers can manipulate the file's destination by abusing path traversal in the 'mediapath' variable. | ||||
CVE-2021-44673 | 1 Croogo | 1 Croogo | 2024-08-04 | 8.8 High |
A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script. | ||||
CVE-2021-44426 | 1 Anydesk | 1 Anydesk | 2024-08-04 | 8.8 High |
An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to the same remote machine. The upload is done without any approval or action taken by the victim. | ||||
CVE-2021-44123 | 1 Spip | 1 Spip | 2024-08-04 | 8.8 High |
SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to execute it. | ||||
CVE-2021-44093 | 1 Zrlog | 1 Zrlog | 2024-08-04 | 9.8 Critical |
A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could allow bypassing the original limit and uploading a JSP file to get a WebShell. | ||||
CVE-2021-44094 | 1 Zrlog | 1 Zrlog | 2024-08-04 | 7.8 High |
ZrLog 2.2.2 has a remote command execution vulnerability in the plugin download function, which could execute any JAR file. | ||||
CVE-2021-44031 | 1 Quest | 1 Kace Desktop Authority | 2024-08-04 | 9.8 Critical |
An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/{GUID}/{filename}. | ||||
CVE-2021-43970 | 1 Quicklert | 1 Quicklert | 2024-08-04 | 8.8 High |
An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 (1043) via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an authenticated (low privileged) attacker to execute remote code on the target server within the context of the application's permissions (SYSTEM). | ||||
CVE-2021-43973 | 1 Sysaid | 1 Sysaid | 2024-08-04 | 8.8 High |
An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST body. A successful request returns the absolute, server-side filesystem path of the uploaded file. | ||||
CVE-2021-43934 | 1 Smartptt | 1 Smartptt Scada | 2024-08-04 | 9.8 Critical |
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate upload requests, enabling a malicious user to potentially upload arbitrary files. | ||||
CVE-2021-43936 | 1 Webhmi | 2 Webhmi, Webhmi Firmware | 2024-08-04 | 10 Critical |
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, which may be automatically processed within the product's environment or lead to arbitrary code execution. |