Total
2507 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-37770 | 1 Nucleuscms | 1 Nucleus Cms | 2024-08-04 | 7.2 High |
| Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload an Htaccess file and write it to AddType application / x-httpd-php.jpg. In this way, an attacker can upload a picture with shell, treat it as PHP, execute commands, so as to take down website resources. | ||||
| CVE-2021-37762 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-08-04 | 9.8 Critical |
| Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution. | ||||
| CVE-2021-37761 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-08-04 | 9.8 Critical |
| Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution. | ||||
| CVE-2021-37608 | 1 Apache | 1 Ofbiz | 2024-08-04 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands. This issue affects Apache OFBiz version 17.12.07 and prior versions. Upgrade to at least 17.12.08 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12297. | ||||
| CVE-2021-37539 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-08-04 | 9.8 Critical |
| Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution. | ||||
| CVE-2021-37194 | 1 Siemens | 1 Comos | 2024-08-04 | 7.5 High |
| A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS allows to upload and store arbitrary files at the webserver. This could allow an attacker to store malicious files. | ||||
| CVE-2021-37444 | 1 Nchsoftware | 1 Ivm Attendant | 2024-08-04 | 8.8 High |
| NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt Autodial function. | ||||
| CVE-2021-37372 | 1 Online Student Admission System Project | 1 Online Student Admission System | 2024-08-04 | 8.8 High |
| Online Student Admission System 1.0 is affected by an insecure file upload vulnerability. A low privileged user can upload malicious PHP files by updating their profile image to gain remote code execution. | ||||
| CVE-2021-37221 | 1 Customer Relationship Management System Project | 1 Customer Relationship Management System | 2024-08-04 | 8.8 High |
| A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option & customer create option, which could let a remote malicious user upload an arbitrary php file. . | ||||
| CVE-2021-37105 | 1 Huawei | 1 Fusioncompute | 2024-08-04 | 7.5 High |
| There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal. | ||||
| CVE-2021-36719 | 1 Cybonet | 1 Mail Secure | 2024-08-04 | 8.8 High |
| PineApp - Mail Secure - The attacker must be logged in as a user to the Pineapp system. The attacker exploits the vulnerable nicUpload.php file to upload a malicious file,Thus taking over the server and running remote code. | ||||
| CVE-2021-36622 | 1 Online Covid Vaccination Scheduler System Project | 1 Online Covid Vaccination Scheduler System | 2024-08-04 | 9.8 Critical |
| Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affected vulnerable to Arbitrary File Upload. The admin panel has an upload function of profile photo accessible at http://localhost/scheduler/admin/?page=user. An attacker could upload a malicious file such as shell.php with the Content-Type: image/png. Then, the attacker have to visit the uploaded profile photo to access the shell. | ||||
| CVE-2021-36711 | 1 Octobot | 1 Octobot | 2024-08-04 | 9.8 Critical |
| WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled. | ||||
| CVE-2021-36623 | 1 Phone Shop Sales Management System Project | 1 Phone Shop Sales Management System | 2024-08-04 | 9.8 Critical |
| Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE. | ||||
| CVE-2021-36581 | 1 Kooboo | 1 Kooboo Cms | 2024-08-04 | 9.8 Critical |
| Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upload an aspx to the server. | ||||
| CVE-2021-36582 | 1 Kooboo | 1 Kooboo Cms | 2024-08-04 | 9.8 Critical |
| In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL. | ||||
| CVE-2021-36548 | 1 Monstra | 1 Monstra | 2024-08-04 | 9.8 Critical |
| A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a crafted PHP file. | ||||
| CVE-2021-36461 | 1 Microweber | 1 Microweber | 2024-08-04 | 8.8 High |
| An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini. | ||||
| CVE-2021-36426 | 1 Phpwcms | 1 Phpwcms | 2024-08-04 | 8.8 High |
| File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inc_lib/general.inc.php. | ||||
| CVE-2021-36440 | 1 Showdoc | 1 Showdoc | 2024-08-04 | 9.8 Critical |
| Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component AdminUpdateController.class.php'. | ||||