Total
2507 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27459 | 1 Emerson | 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more | 2024-08-03 | 9.8 Critical |
| A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The webserver of the affected products allows unvalidated files to be uploaded, which an attacker could utilize to execute arbitrary code. | ||||
| CVE-2021-27280 | 1 Mblog Project | 1 Mblog | 2024-08-03 | 7.8 High |
| OS Command injection vulnerability in mblog 3.5.0 allows attackers to execute arbitrary code via crafted theme when it gets selected. | ||||
| CVE-2021-27274 | 1 Netgear | 1 Prosafe Network Management System | 2024-08-03 | 9.8 Critical |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUploadController class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12124. | ||||
| CVE-2021-27198 | 1 Visualware | 1 Myconnection Server | 2024-08-03 | 9.8 Critical |
| An issue was discovered in Visualware MyConnection Server before v11.1a. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using a myspeed/sf?filename= URI. This application is written in Java and is thus cross-platform. The Windows installation runs as SYSTEM, which means that exploitation gives one Administrator privileges on the target system. | ||||
| CVE-2021-26828 | 1 Openplcproject | 1 Scadabr | 2024-08-03 | 8.8 High |
| OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm. | ||||
| CVE-2021-26809 | 1 Phpgurukul | 1 Car Rental Portal | 2024-08-03 | 9.8 Critical |
| PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php. | ||||
| CVE-2021-26740 | 1 Doyocms Project | 1 Doyocms | 2024-08-03 | 9.8 Critical |
| Arbitrary file upload vulnerability sysupload.php in millken doyocms 2.3 allows attackers to execute arbitrary code. | ||||
| CVE-2021-26794 | 1 Frogcms Project | 1 Frogcms | 2024-08-03 | 9.8 Critical |
| Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows attacker to execute arbitrary code via crafted php file. | ||||
| CVE-2021-26634 | 2 Linux, Maxb | 2 Linux Kernel, Maxboard | 2024-08-03 | 9.8 Critical |
| SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files compromising Maxboard, which may lead to arbitrary code execution or privilege escalation. Attackers can use these vulnerabilities to perform attacks such as stealing server management rights using a web shell. | ||||
| CVE-2021-26597 | 1 Nokia | 1 Netact | 2024-08-03 | 6.5 Medium |
| An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value. | ||||
| CVE-2021-26642 | 2 Microsoft, Xpressengine | 2 Windows, Xpressengine | 2024-08-03 | 8.8 High |
| When uploading an image file to a bulletin board developed with XpressEngine, a vulnerability in which an arbitrary file can be uploaded due to insufficient verification of the file. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running. | ||||
| CVE-2021-26628 | 2 Linux, Maxb | 2 Linux Kernel, Maxboard | 2024-08-03 | 8.1 High |
| Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary files disguising them as image files. | ||||
| CVE-2021-25780 | 1 Baby Care System Project | 1 Baby Care System | 2024-08-03 | 7.2 High |
| An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by an remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell. | ||||
| CVE-2021-25210 | 1 Alumni Management System Project | 1 Alumni Management System | 2024-08-03 | 9.8 Critical |
| Arbitrary file upload vulnerability in SourceCodester Alumni Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to manage_event.php. | ||||
| CVE-2021-25211 | 1 Online Ordering System Project | 1 Online Ordering System | 2024-08-03 | 9.8 Critical |
| Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to execute arbitrary code, via the file upload to ordering\admin\products\edit.php. | ||||
| CVE-2021-25207 | 1 E-commerce Website Project | 1 E-commerce Website | 2024-08-03 | 9.8 Critical |
| Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary code via the file upload to prodViewUpdate.php. | ||||
| CVE-2021-25206 | 1 Responsive Ordering System Project | 1 Responsive Ordering System | 2024-08-03 | 9.8 Critical |
| Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary code via the file upload to Product_model.php. | ||||
| CVE-2021-25200 | 1 Learning Management System Project | 1 Learning Management System | 2024-08-03 | 9.8 Critical |
| Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to \lms\student_avatar.php. | ||||
| CVE-2021-25203 | 1 Victor Cms Project | 1 Victor Cms | 2024-08-03 | 9.8 Critical |
| Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php. | ||||
| CVE-2021-25208 | 1 Travel Management System Project | 1 Travel Management System | 2024-08-03 | 9.8 Critical |
| Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the file upload to updatepackage.php. | ||||