Total
2651 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37762 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution. | |||||
| CVE-2021-37761 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution. | |||||
| CVE-2021-37741 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities. | |||||
| CVE-2021-37608 | 1 Apache | 1 Ofbiz | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands. This issue affects Apache OFBiz version 17.12.07 and prior versions. Upgrade to at least 17.12.08 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12297. | |||||
| CVE-2021-37539 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution. | |||||
| CVE-2021-37444 | 1 Nchsoftware | 1 Ivm Attendant | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt Autodial function. | |||||
| CVE-2021-37372 | 1 Online Student Admission System Project | 1 Online Student Admission System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Online Student Admission System 1.0 is affected by an insecure file upload vulnerability. A low privileged user can upload malicious PHP files by updating their profile image to gain remote code execution. | |||||
| CVE-2021-37221 | 1 Customer Relationship Management System Project | 1 Customer Relationship Management System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option & customer create option, which could let a remote malicious user upload an arbitrary php file. . | |||||
| CVE-2021-37194 | 1 Siemens | 1 Comos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS allows to upload and store arbitrary files at the webserver. This could allow an attacker to store malicious files. | |||||
| CVE-2021-37105 | 1 Huawei | 1 Fusioncompute | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal. | |||||
| CVE-2021-36741 | 2 Microsoft, Trendmicro | 5 Windows, Apex One, Officescan and 2 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product�s management console in order to exploit this vulnerability. | |||||
| CVE-2021-36719 | 1 Cybonet | 1 Mail Secure | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| PineApp - Mail Secure - The attacker must be logged in as a user to the Pineapp system. The attacker exploits the vulnerable nicUpload.php file to upload a malicious file,Thus taking over the server and running remote code. | |||||
| CVE-2021-36711 | 1 Octobot | 1 Octobot | 2024-11-21 | N/A | 9.8 CRITICAL |
| WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled. | |||||
| CVE-2021-36623 | 1 Phone Shop Sales Management System Project | 1 Phone Shop Sales Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE. | |||||
| CVE-2021-36622 | 1 Online Covid Vaccination Scheduler System Project | 1 Online Covid Vaccination Scheduler System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affected vulnerable to Arbitrary File Upload. The admin panel has an upload function of profile photo accessible at http://localhost/scheduler/admin/?page=user. An attacker could upload a malicious file such as shell.php with the Content-Type: image/png. Then, the attacker have to visit the uploaded profile photo to access the shell. | |||||
| CVE-2021-36582 | 1 Kooboo | 1 Kooboo Cms | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL. | |||||
| CVE-2021-36581 | 1 Kooboo | 1 Kooboo Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upload an aspx to the server. | |||||
| CVE-2021-36548 | 1 Monstra | 1 Monstra | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a crafted PHP file. | |||||
| CVE-2021-36547 | 1 Mara Cms Project | 1 Mara Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file. | |||||
| CVE-2021-36461 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini. | |||||