Total
2367 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-7847 | 1 Iptime | 18 Nas-i, Nas-i Firmware, Nas-ii and 15 more | 2021-02-27 | 5.2 MEDIUM | 8.0 HIGH |
The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36. | |||||
CVE-2021-27513 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-26 | 6.5 MEDIUM | 8.8 HIGH |
The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside." | |||||
CVE-2021-25780 | 1 Baby Care System Project | 1 Baby Care System | 2021-02-24 | 6.5 MEDIUM | 7.2 HIGH |
An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by an remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell. | |||||
CVE-2020-8639 | 1 Testlink | 1 Testlink | 2021-02-22 | 6.5 MEDIUM | 8.8 HIGH |
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to a publicly accessible directory of the application. | |||||
CVE-2020-4955 | 1 Ibm | 1 Spectrum Protect Operations Center | 2021-02-17 | 5.2 MEDIUM | 8.0 HIGH |
IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155. | |||||
CVE-2020-25037 | 1 Ucopia | 1 Ucopia Wireless Appliance | 2021-02-04 | 7.2 HIGH | 8.2 HIGH |
UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admin user privileges via an escape from a restricted command. | |||||
CVE-2021-3164 | 1 Churchdesk | 1 Churchrota | 2021-02-02 | 6.5 MEDIUM | 8.8 HIGH |
ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php. | |||||
CVE-2020-24549 | 1 Openmaint | 1 Openmaint | 2021-02-02 | 6.5 MEDIUM | 8.8 HIGH |
openMAINT before 1.1-2.4.2 allows remote authenticated users to run arbitrary JSP code on the underlying web server. | |||||
CVE-2020-22643 | 1 Feehi | 1 Feehi Cms | 2021-01-29 | 6.5 MEDIUM | 7.2 HIGH |
Feehi CMS 2.1.0 is affected by an arbitrary file upload vulnerability, potentially resulting in remote code execution. After an administrator logs in, open the administrator image upload page to potentially upload malicious files. | |||||
CVE-2020-26252 | 1 Openmage | 1 Openmage | 2021-01-28 | 6.5 MEDIUM | 7.2 HIGH |
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server and load it via layout xml. The latest OpenMage Versions up from 19.4.10 and 20.0.6 have this issue solved. | |||||
CVE-2020-26285 | 1 Openmage | 1 Openmage | 2021-01-28 | 6.5 MEDIUM | 7.2 HIGH |
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to inject an executable file on the server. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved | |||||
CVE-2020-26295 | 1 Openmage | 1 Openmage | 2021-01-28 | 6.5 MEDIUM | 7.2 HIGH |
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved | |||||
CVE-2021-3166 | 1 Asus | 2 Dsl-n14u B1, Dsl-n14u B1 Firmware | 2021-01-27 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. An attacker can upload arbitrary file content as a firmware update when the filename Settings_DSL-N14U-B1.trx is used. Once this file is loaded, shutdown measures on a wide range of services are triggered as if it were a real update, resulting in a persistent outage of those services. | |||||
CVE-2020-19364 | 1 Open-emr | 1 Openemr | 2021-01-22 | 6.5 MEDIUM | 8.8 HIGH |
OpenEMR 5.0.1 allows an authenticated attacker to upload and execute malicious PHP scripts through /controller.php. | |||||
CVE-2021-21245 | 1 Onedev Project | 1 Onedev | 2021-01-21 | 7.5 HIGH | 9.8 CRITICAL |
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to upload a WebShell to OneDev server. This issue is addressed in 4.0.3 by only allowing uploaded file to be in attachments folder. The webshell issue is not possible as OneDev never executes files in attachments folder. | |||||
CVE-2020-36167 | 1 Veritas | 1 Backup Exec | 2021-01-14 | 7.2 HIGH | 8.8 HIGH |
An issue was discovered in the server in Veritas Backup Exec through 16.2, 20.6 before hotfix 298543, and 21.1 before hotfix 657517. On start-up, it loads the OpenSSL library from the Installation folder. This library in turn attempts to load the /usr/local/ssl/openssl.cnf configuration file, which may not exist. On Windows systems, this path could translate to <drive>:\usr\local\ssl\openssl.cnf. A low privileged user can create a :\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. If the system is also an Active Directory domain controller, then this can affect the entire domain. | |||||
CVE-2019-18643 | 1 Sparkdevnetwork | 1 Rock Rms | 2021-01-13 | 7.5 HIGH | 9.8 CRITICAL |
Rock RMS versions before 8.10 and versions 9.0 through 9.3 fails to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypassed by adding multiple spaces and periods after the file name. This could allow an attacker to upload ASPX code and gain remote code execution on the application. The application typically runs as LocalSystem as mandated in the installation guide. Patched in versions 8.10 and 9.4. | |||||
CVE-2020-2730 | 1 Oracle | 1 Revenue Management And Billing | 2021-01-13 | 4.9 MEDIUM | 5.4 MEDIUM |
Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: File Upload). Supported versions that are affected are 2.7.0.0, 2.7.0.1 and 2.8.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | |||||
CVE-2020-35945 | 1 Elegant Themes | 3 Divi, Divi Builder, Divi Extra | 2021-01-12 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side. | |||||
CVE-2020-4928 | 1 Ibm | 1 Cloud Pak System | 2021-01-05 | 4.6 MEDIUM | 6.7 MEDIUM |
IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705. |