Total: 2367 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-24387 | 1 Smartertools | 1 Smartertrack | 2022-03-19 | 6.5 MEDIUM | 7.2 HIGH | With administrator or admin privileges the application can be tricked into overwriting files in the app_data/Config folder, e.g. the systemsettings.xml file. This is possible in SmarterTrack v100.0.8019.14010.
CVE-2022-0912 | 1 Microweber | 1 Microweber | 2022-03-18 | 3.5 LOW | 4.8 MEDIUM | Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11.
CVE-2022-0930 | 1 Microweber | 1 Microweber | 2022-03-18 | 3.5 LOW | 4.8 MEDIUM | File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
CVE-2021-44673 | 1 Croogo | 1 Croogo | 2022-03-18 | 6.5 MEDIUM | 8.8 HIGH | A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script.
CVE-2022-0921 | 1 Microweber | 1 Microweber | 2022-03-18 | 6.5 MEDIUM | 6.7 MEDIUM | Abusing the Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12.
CVE-2021-35244 | 2 Microsoft, Solarwinds | 2 Windows, Orion Platform | 2022-03-17 | 8.5 HIGH | 7.2 HIGH | The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload, causing remote code execution.
CVE-2022-24652 | 1 Sentcms | 1 Sentcms | 2022-03-16 | 7.5 HIGH | 9.8 CRITICAL | sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution in /admin/upload/upload.
CVE-2022-24651 | 1 Sentcms | 1 Sentcms | 2022-03-16 | 7.5 HIGH | 9.8 CRITICAL | sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload.
CVE-2021-43970 | 1 Quicklert | 1 Quicklert | 2022-03-15 | 9.0 HIGH | 8.8 HIGH | An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 (1043) via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an authenticated (low privileged) attacker to execute remote code on the target server within the context of the application's permissions (SYSTEM).
CVE-2022-25115 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2022-03-14 | 6.8 MEDIUM | 7.8 HIGH | A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via a crafted PNG file.
CVE-2021-24960 | 1 Iptanus | 2 Wordpress File Upload, Wordpress File Upload Pro | 2022-03-11 | 3.5 LOW | 5.4 MEDIUM | The WordPress File Upload WordPress plugin before 4.16.3 and the wordpress-file-upload-pro WordPress plugin before 4.16.3 allow users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could then be used for Cross-Site Scripting attacks.
CVE-2021-24216 | 1 Servmask | 1 One-stop Wp Migration | 2022-03-11 | 6.5 MEDIUM | 7.2 HIGH | The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations.
CVE-2022-25016 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2022-03-09 | 7.5 HIGH | 9.8 CRITICAL | Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-24254 | 1 Extensis | 1 Portfolio | 2022-03-09 | 6.5 MEDIUM | 8.8 HIGH | An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file.
CVE-2022-24253 | 1 Extensis | 1 Portfolio | 2022-03-09 | 6.5 MEDIUM | 8.8 HIGH | Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet.
CVE-2022-24252 | 1 Extensis | 1 Portfolio | 2022-03-09 | 6.5 MEDIUM | 8.8 HIGH | An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file.
CVE-2022-24251 | 1 Extensis | 1 Portfolio | 2022-03-09 | 6.5 MEDIUM | 8.8 HIGH | Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function.
CVE-2022-23906 | 1 Cmsmadesimple | 1 Cms Made Simple | 2022-03-08 | 6.5 MEDIUM | 7.2 HIGH | CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file.
CVE-2022-25411 | 1 Max-3000 | 1 Maxsite Cms | 2022-03-08 | 7.5 HIGH | 9.8 CRITICAL | A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2019-18313 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-03-04 | 7.5 HIGH | 9.8 CRITICAL | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (all versions). An attacker with network access to the MS3000 Server could gain remote code execution by sending specifically crafted objects to one of the RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
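The upload entries above share a handful of root causes: trusting the client-supplied extension (PHP, JSP, SVG), trusting a filename that smuggles a second extension behind a separator such as `;` (the `.mp3;.jsp` entry), accepting a genuine image header with server-side code behind it (the avatar entries), and restoring archives whose member names are never checked (the Backup/Restore entries). The validator below is an added example written for this page; it is not code from any vendor listed here, and the allowlist, file names, byte strings and the archive it builds are constructed inline so that it runs offline.

```python
import io
import posixpath
import re
import zipfile
from typing import Dict, Optional

# Allowlist of extension -> magic-byte prefixes the body must start with.
# SVG and every server-side extension (php, jsp, asp, ...) are deliberately absent.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "mp3": (b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"),
    "zip": (b"PK\x03\x04",),
}
# One basename, one dot, one short extension: ';', '/', '\\', NUL, spaces and a
# second dot never match, so 'track.mp3;.jsp' and 'shell.php.png' fail here.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}\.[a-z0-9]{1,5}$")
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<%", b"<script")
SERVER_SIDE_EXTS = {"php", "phtml", "php5", "jsp", "jspx", "asp", "aspx", "cgi"}


def validate_upload(filename: str, data: bytes) -> Optional[str]:
    """Return the reason an upload must be rejected, or None if it passes."""
    if not SAFE_NAME.match(filename):
        return "filename contains characters outside the allowlist"
    ext = filename.rsplit(".", 1)[1]
    if ext not in ALLOWED_TYPES:
        return f"extension .{ext} is not permitted"
    # The body must look like the type it claims; an extension alone proves nothing.
    if not data.startswith(ALLOWED_TYPES[ext]):
        return "content does not match the claimed file type"
    if ext == "zip":
        return check_zip_members(data)
    # A valid image header followed by server-side code is the 'crafted PNG'
    # avatar payload; a marker scan catches the naive version of it.
    if any(marker in data[:65536].lower() for marker in SCRIPT_MARKERS):
        return "embedded script marker in file body"
    return None


def check_zip_members(data: bytes) -> Optional[str]:
    """Reject archives whose members could escape the restore directory or drop
    server-side code into it (the Backup/Restore pattern)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                name = info.filename
                norm = posixpath.normpath(name.replace("\\", "/"))
                if norm.startswith(("/", "..")) or ":" in name:
                    return f"archive member escapes target directory: {name}"
                if name.rsplit(".", 1)[-1].lower() in SERVER_SIDE_EXTS:
                    return f"archive contains server-side code: {name}"
    except zipfile.BadZipFile:
        return "not a valid zip archive"
    return None


def stored_name(validated_filename: str, random_hex: str) -> str:
    """Never keep the client's name on disk: only the validated extension survives."""
    return f"{random_hex}.{validated_filename.rsplit('.', 1)[1]}"


def build_zip(members: Dict[str, bytes]) -> bytes:
    """Constructed helper: build an in-memory archive with the given member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples mirroring the patterns in the table above.
    samples = {
        "shell.php": b"<?php system($_GET['c']); ?>",
        "track.mp3;.jsp": b"ID3\x03\x00" + b"<% out.println(1); %>",
        "avatar.png": b"\x89PNG\r\n\x1a\n" + b"<?php echo 1; ?>",
        "icon.svg": b"<svg><script>alert(1)</script></svg>",
        "backup.zip": build_zip({"../../config.php": b"x"}),
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
    }
    for name, body in samples.items():
        print(f"{name:18} -> {validate_upload(name, body) or 'accepted'}")
```

The order of the checks matters: the filename is validated as a whole before the extension is ever split off, so parser-differential tricks (`;`, trailing dots, NUL bytes) are rejected without the code having to know about each one, and the content check runs before any archive is opened.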