Total
3296 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-39608 | 1 Flatcore | 1 Flatcore-cms | 2024-11-21 | 7.2 High |
A Remote Code Execution (RCE) vulnerability exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user execute arbitrary PHP code. | ||||
CVE-2021-39384 | 1 Diaowen | 1 Dwsurvey | 2024-11-21 | 9.8 Critical |
DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java. | ||||
CVE-2021-39222 | 1 Nextcloud | 1 Talk | 2024-11-21 | 6.4 Medium |
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Talk application was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due to the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Talk application is upgraded to patched versions 10.0.7, 10.1.4, 11.1.2, 11.2.0 or 12.0.0. As a workaround, use a browser that has support for Content-Security-Policy. | ||||
CVE-2021-39221 | 1 Nextcloud | 1 Contacts | 2024-11-21 | 6.4 Medium |
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Contacts application prior to version 4.0.3 was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due to the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Contacts application is upgraded to 4.0.3. As a workaround, one may use a browser that has support for Content-Security-Policy. | ||||
CVE-2021-39040 | 1 Ibm | 1 Planning Analytics Workspace | 2024-11-21 | 8.0 High |
IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness to upload malicious executable files into the system, which can then be sent to a victim to perform further attacks. IBM X-Force ID: 214025. | ||||
CVE-2021-38945 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 9.8 Critical |
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238. | ||||
CVE-2021-38847 | 1 S-cart | 1 S-cart | 2024-11-21 | 8.8 High |
S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted IMG file. | ||||
CVE-2021-38841 | 1 Simple Water Refilling Station Management System Project | 1 Simple Water Refilling Station Management System | 2024-11-21 | 8.8 High |
Remote Code Execution can occur in Simple Water Refilling Station Management System 1.0 via the System Logo option on the system_info page in classes/SystemSettings.php with an update_settings action. | ||||
CVE-2021-38753 | 1 Simple Image Gallery Web App Project | 1 Simple Image Gallery Web App | 2024-11-21 | 9.8 Critical |
An unrestricted file upload on Simple Image Gallery Web App can be exploited to upload a web shell and execute it to gain unauthorized access to the server hosting the web app. | ||||
CVE-2021-38697 | 1 Softvibe | 1 Saraban | 2024-11-21 | 9.8 Critical |
SoftVibe SARABAN for INFOMA 1.1 allows unauthenticated, unrestricted file upload, letting attackers upload files with any file extension, which can lead to arbitrary code execution. | ||||
CVE-2021-38613 | 1 Nascent | 1 Remkon Device Manager | 2024-11-21 | 9.8 Critical |
The assets/index.php Image Upload feature of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to upload any code to the target system and achieve remote code execution. | ||||
CVE-2021-38484 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2024-11-21 | 9.1 Critical |
InHand Networks IR615 router versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an attacker, acting as an administrator, to upload malicious files. This could result in cross-site scripting, deletion of system files, and remote code execution. | ||||
CVE-2021-38471 | 1 Auvesy | 1 Versiondog | 2024-11-21 | 9.1 Critical |
There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files. | ||||
CVE-2021-38366 | 1 Sitecore | 1 Sitecore | 2024-11-21 | 8.8 High |
Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL. | ||||
CVE-2021-38305 | 1 23andme | 1 Yamale | 2024-11-21 | 7.8 High |
23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each line is run through Python's eval function to make the validator available. A well-constructed string within the schema rules can execute system commands; thus, by exploiting the vulnerability, an attacker can run arbitrary code on the image that invokes Yamale. | ||||
CVE-2021-37931 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 9.8 Critical |
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | ||||
CVE-2021-37930 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 9.8 Critical |
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | ||||
CVE-2021-37929 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 9.8 Critical |
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | ||||
CVE-2021-37928 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 9.8 Critical |
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | ||||
CVE-2021-37926 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 9.8 Critical |
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. |