Total
3287 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-35244 | 2 Microsoft, Solarwinds | 2 Windows, Orion Platform | 2024-11-21 | 8.5 HIGH | 6.8 MEDIUM |
| The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution. | |||||
| CVE-2021-34997 | 1 Commvault | 1 Commcell | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AppStudioUploadHandler class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-13894. | |||||
| CVE-2021-34995 | 1 Commvault | 1 Commcell | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DownloadCenterUploadHandler class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-13756. | |||||
| CVE-2021-34685 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | 6.5 MEDIUM | 2.7 LOW |
| UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed (and leads to remote code execution). | |||||
| CVE-2021-34624 | 1 Properfraction | 1 Profilepress | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3. . | |||||
| CVE-2021-34623 | 1 Properfraction | 1 Profilepress | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the image uploader component found in the ~/src/Classes/ImageUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3. . | |||||
| CVE-2021-34619 | 1 Storeapps | 1 Stock Manager For Woocommerce | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file validation in the /woocommerce-stock-manager/trunk/admin/views/import-export.php file. | |||||
| CVE-2021-34551 | 3 Fedoraproject, Microsoft, Phpmailer Project | 3 Fedora, Windows, Phpmailer | 2024-11-21 | 5.1 MEDIUM | 8.1 HIGH |
| PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname. | |||||
| CVE-2021-34427 | 1 Eclipse | 1 Business Intelligence And Reporting Tools | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance. | |||||
| CVE-2021-34257 | 1 Wpanel Cms Project | 1 Wpanel Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image. | |||||
| CVE-2021-34128 | 1 Laiketui | 1 Laiketui | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname. | |||||
| CVE-2021-34074 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests. | |||||
| CVE-2021-33884 | 1 Bbraun | 3 Infusomat Large Volume Pump 871305u, Spacecom2, Spacestation 8713142u | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| An Unrestricted Upload of File with Dangerous Type vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows remote attackers to upload any files to the /tmp directory of the device through the webpage API. This can result in critical files being overwritten. | |||||
| CVE-2021-33828 | 1 Owncloud | 1 Files Antivirus | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files (that have been uploaded to a public share) are supposed to be deleted upon detection. | |||||
| CVE-2021-33698 | 1 Sap | 1 Business One | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation. | |||||
| CVE-2021-33615 | 1 Rsa | 1 Archer | 2024-11-21 | 8.5 HIGH | 7.5 HIGH |
| RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type. | |||||
| CVE-2021-33224 | 1 Umbraco | 1 Umbraco Forms | 2024-11-21 | N/A | 9.8 CRITICAL |
| File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file. | |||||
| CVE-2021-33009 | 1 Myscada | 1 Mypro | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to the file system. | |||||
| CVE-2021-32961 | 1 Auvesy-mdt | 2 Autosave, Autosave For System Platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A getfile function in MDT AutoSave versions prior to v6.02.06 enables a user to supply an optional parameter, resulting in the processing of a request in a special manner. This can result in the execution of an unzip command and place a malicious .exe file in one of the locations the function looks for and get execution capabilities. | |||||
| CVE-2021-32955 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code. | |||||