Total
2976 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44094 | 1 Zrlog | 1 Zrlog | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file | |||||
| CVE-2021-44093 | 1 Zrlog | 1 Zrlog | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell | |||||
| CVE-2021-44031 | 1 Quest | 1 Kace Desktop Authority | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/{GUID}/{filename}. | |||||
| CVE-2021-43973 | 1 Sysaid | 1 Sysaid | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST body. A successful request returns the absolute, server-side filesystem path of the uploaded file. | |||||
| CVE-2021-43970 | 1 Quicklert | 1 Quicklert | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 (1043) via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an authenticated (low privileged) attacker to execute remote code on the target server within the context of application's permissions (SYSTEM). | |||||
| CVE-2021-43936 | 1 Webhmi | 2 Webhmi, Webhmi Firmware | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution. | |||||
| CVE-2021-43934 | 1 Smartptt | 1 Smartptt Scada | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate upload requests, enabling a malicious user to potentially upload arbitrary files. | |||||
| CVE-2021-43829 | 1 Patrowl | 1 Patrowlmanager | 2024-11-21 | 6.5 MEDIUM | 7.4 HIGH |
| PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.7.7 PatrowlManager unrestrictly handle upload files in the findings import feature. This vulnerability is capable of uploading dangerous type of file to server leading to XSS attacks and potentially other forms of code injection. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds for this issue. | |||||
| CVE-2021-43617 | 1 Laravel | 1 Framework | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload. | |||||
| CVE-2021-43430 | 1 Bigantsoft | 1 Bigant Office Messenger 5 | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An Access Control vulnerability exists in BigAntSoft BigAnt office messenger 5.6 via im_webserver, which could let a malicious user upload PHP Trojan files. | |||||
| CVE-2021-43421 | 1 Std42 | 1 Elfinder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code. | |||||
| CVE-2021-43117 | 1 Fastadmin | 1 Fastadmin | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access. | |||||
| CVE-2021-43103 | 1 Diyhi | 1 Bbs | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A File Upload vulnerability exists in bbs 5.3 is via ForumManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. | |||||
| CVE-2021-43102 | 1 Diyhi | 1 Bbs | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A File Upload vulnerability exists in bbs 5.3 is via HelpManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. | |||||
| CVE-2021-43101 | 1 Diyhi | 1 Bbs | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A File Upload vulnerability exists in bbs 5.3 is via MembershipCardManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. | |||||
| CVE-2021-43100 | 1 Diyhi | 1 Bbs | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A File Upload vulnerability exists in bbs 5.3 is via TopicManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. | |||||
| CVE-2021-43098 | 1 Diyhi | 1 Bbs | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A File Upload vulnerability exists in bbs v5.3 via QuestionManageAction.java in a getType function. | |||||
| CVE-2021-42967 | 1 Xxyopen | 1 Novel-plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java in novel-plus all versions allows allows an attacker to upload malicious JSP files. | |||||
| CVE-2021-42840 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blocked. NOTE: this issue exists because of an incomplete fix for CVE-2020-28328. | |||||
| CVE-2021-42839 | 1 Vice | 1 Webopac | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Grand Vice info Co. webopac7 file upload function fails to filter special characters. While logging in with general user’s permission, remote attackers can upload malicious script and execute arbitrary code to control the system or interrupt services. | |||||