Search Results (4038 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-29891 | 1 Ibm | 8 Hardware Management Console 7063-cr2, Hardware Management Console 7063-cr2 Firmware, Power System Ac922 \(8335-gtg\) and 5 more | 2024-11-21 | 4.9 Medium |
| IBM OPENBMC OP910 and OP940 could allow a privileged user to upload an improper site identity certificate that may cause it to lose network services. IBM X-Force ID: 207221. | ||||
| CVE-2021-29699 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2024-11-21 | 6.8 Medium |
| IBM Security Verify Access Docker 10.0.0 could allow a remote privileged user to upload arbitrary files with a dangerous file type that could be executed by a user. IBM X-Force ID: 200600. | ||||
| CVE-2021-29641 | 1 Rangerstudio | 1 Directus | 2024-11-21 | 8.8 High |
| Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain installations with the Apache HTTP Server and the local-storage driver (e.g., when the product was obtained from hub.docker.com). | ||||
| CVE-2021-29377 | 1 Pearadmin | 1 Pearadmin Think | 2024-11-21 | 9.8 Critical |
| Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely. A .php file can be uploaded via admin.php/index/upload because app/common/service/UploadService.php mishandles fileExt. | ||||
| CVE-2021-29281 | 1 Gfi | 1 Archiver | 2024-11-21 | 9.8 Critical |
| File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317. | ||||
| CVE-2021-29092 | 1 Synology | 1 Photo Station | 2024-11-21 | 8.8 High |
| Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors. | ||||
| CVE-2021-29022 | 1 Invoiceplane | 1 Invoiceplane | 2024-11-21 | 5.3 Medium |
| In InvoicePlane 1.5.11, the upload feature discloses the full path of the file upload directory. | ||||
| CVE-2021-28976 | 1 Get-simple | 1 Getsimplecms | 2024-11-21 | 7.2 High |
| Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar files. | ||||
| CVE-2021-28931 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 8.8 High |
| Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel. | ||||
| CVE-2021-28474 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 8.8 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2021-28428 | 1 Horizontcms Project | 1 Horizontcms | 2024-11-21 | 9.8 Critical |
| File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27387) was remediated by restricting the PHP extensions; however, we confirmed that the filter was bypassed via uploading an arbitrary .htaccess and *.hello files in order to execute PHP code to gain RCE. | ||||
| CVE-2021-28379 | 2 Myvestacp, Vestacp | 2 Myvesta, Vesta Control Panel | 2024-11-21 | 8.8 High |
| web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin. | ||||
| CVE-2021-28294 | 1 Online Ordering System Project | 1 Online Ordering System | 2024-11-21 | 9.8 Critical |
| Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution (RCE). | ||||
| CVE-2021-28173 | 1 Deltaflow Project | 1 Deltaflow | 2024-11-21 | 9.8 Critical |
| The file upload function of Vangene deltaFlow E-platform does not perform access control properly. Remote attackers can upload and execute arbitrary files without login. | ||||
| CVE-2021-28023 | 1 Servicetonic | 1 Servicetonic | 2024-11-21 | 9.8 Critical |
| Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths. | ||||
| CVE-2021-27984 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 8.1 High |
| In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files. | ||||
| CVE-2021-27964 | 1 Sfcyazilim | 1 Sonlogger | 2024-11-21 | 9.8 Critical |
| SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file. | ||||
| CVE-2021-27817 | 1 Shopxo | 1 Shopxo | 2024-11-21 | 9.8 Critical |
| A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix. | ||||
| CVE-2021-27771 | 1 Hcltech | 1 Sametime | 2024-11-21 | 8.2 High |
| User SID can be modified resulting in an Arbitrary File Upload or deletion of directories causing a Denial of Service. When interacting in a normal manner with the Sametime chat application, users hold a cookie containing their session ID (SID). This value is also used when sending chat messages, receiving notifications and/or transferring files. | ||||
| CVE-2021-27618 | 1 Sap | 1 Netweaver Process Integration | 2024-11-21 | 4.9 Medium |
| The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of service and impact the availability of the application. | ||||