Vulnerabilities (CVE)

Filtered by CWE-434
Total 2367 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2020-7847 | 1 Iptime | 18 Nas-i, Nas-i Firmware, Nas-ii and 15 more | 2021-02-27 | 5.2 MEDIUM | 8.0 HIGH
The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: ipTIME NAS 1.4.36.
CVE-2021-27513 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-26 | 6.5 MEDIUM | 8.8 HIGH
The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside."
CVE-2021-25780 | 1 Baby Care System Project | 1 Baby Care System | 2021-02-24 | 6.5 MEDIUM | 7.2 HIGH
An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by a remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell.
CVE-2020-8639 | 1 Testlink | 1 Testlink | 2021-02-22 | 6.5 MEDIUM | 8.8 HIGH
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to a publicly accessible directory of the application.
CVE-2020-4955 | 1 Ibm | 1 Spectrum Protect Operations Center | 2021-02-17 | 5.2 MEDIUM | 8.0 HIGH
IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155.
CVE-2020-25037 | 1 Ucopia | 1 Ucopia Wireless Appliance | 2021-02-04 | 7.2 HIGH | 8.2 HIGH
UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admin user privileges via an escape from a restricted command.
CVE-2021-3164 | 1 Churchdesk | 1 Churchrota | 2021-02-02 | 6.5 MEDIUM | 8.8 HIGH
ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php.
CVE-2020-24549 | 1 Openmaint | 1 Openmaint | 2021-02-02 | 6.5 MEDIUM | 8.8 HIGH
openMAINT before 1.1-2.4.2 allows remote authenticated users to run arbitrary JSP code on the underlying web server.
CVE-2020-22643 | 1 Feehi | 1 Feehi Cms | 2021-01-29 | 6.5 MEDIUM | 7.2 HIGH
Feehi CMS 2.1.0 is affected by an arbitrary file upload vulnerability, potentially resulting in remote code execution. After an administrator logs in, open the administrator image upload page to potentially upload malicious files.
CVE-2020-26252 | 1 Openmage | 1 Openmage | 2021-01-28 | 6.5 MEDIUM | 7.2 HIGH
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions, an administrator with permission to update product data was able to store an executable file on the server and load it via layout xml. The latest OpenMage versions up from 19.4.10 and 20.0.6 have this issue solved.
CVE-2020-26285 | 1 Openmage | 1 Openmage | 2021-01-28 | 6.5 MEDIUM | 7.2 HIGH
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions, an administrator with permission to import/export data and to create widget instances was able to inject an executable file on the server. The latest OpenMage versions up from 19.4.9 and 20.0.5 have this issue solved.
CVE-2020-26295 | 1 Openmage | 1 Openmage | 2021-01-28 | 6.5 MEDIUM | 7.2 HIGH
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage versions up from 19.4.9 and 20.0.5 have this issue solved.
CVE-2021-3166 | 1 Asus | 2 Dsl-n14u B1, Dsl-n14u B1 Firmware | 2021-01-27 | 5.0 MEDIUM | 7.5 HIGH
An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. An attacker can upload arbitrary file content as a firmware update when the filename Settings_DSL-N14U-B1.trx is used. Once this file is loaded, shutdown measures on a wide range of services are triggered as if it were a real update, resulting in a persistent outage of those services.
CVE-2020-19364 | 1 Open-emr | 1 Openemr | 2021-01-22 | 6.5 MEDIUM | 8.8 HIGH
OpenEMR 5.0.1 allows an authenticated attacker to upload and execute malicious PHP scripts through /controller.php.
CVE-2021-21245 | 1 Onedev Project | 1 Onedev | 2021-01-21 | 7.5 HIGH | 9.8 CRITICAL
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to upload a WebShell to OneDev server. This issue is addressed in 4.0.3 by only allowing uploaded file to be in attachments folder. The webshell issue is not possible as OneDev never executes files in attachments folder.
CVE-2020-36167 | 1 Veritas | 1 Backup Exec | 2021-01-14 | 7.2 HIGH | 8.8 HIGH
An issue was discovered in the server in Veritas Backup Exec through 16.2, 20.6 before hotfix 298543, and 21.1 before hotfix 657517. On start-up, it loads the OpenSSL library from the Installation folder. This library in turn attempts to load the /usr/local/ssl/openssl.cnf configuration file, which may not exist. On Windows systems, this path could translate to <drive>:\usr\local\ssl\openssl.cnf. A low privileged user can create a :\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. If the system is also an Active Directory domain controller, then this can affect the entire domain.
CVE-2019-18643 | 1 Sparkdevnetwork | 1 Rock Rms | 2021-01-13 | 7.5 HIGH | 9.8 CRITICAL
Rock RMS versions before 8.10 and versions 9.0 through 9.3 fail to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypassed by adding multiple spaces and periods after the file name. This could allow an attacker to upload ASPX code and gain remote code execution on the application. The application typically runs as LocalSystem as mandated in the installation guide. Patched in versions 8.10 and 9.4.
CVE-2020-2730 | 1 Oracle | 1 Revenue Management And Billing | 2021-01-13 | 4.9 MEDIUM | 5.4 MEDIUM
Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: File Upload). Supported versions that are affected are 2.7.0.0, 2.7.0.1 and 2.8.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
CVE-2020-35945 | 1 Elegant Themes | 3 Divi, Divi Builder, Divi Extra | 2021-01-12 | 6.5 MEDIUM | 8.8 HIGH
An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side.
CVE-2020-4928 | 1 Ibm | 1 Cloud Pak System | 2021-01-05 | 4.6 MEDIUM | 6.7 MEDIUM
IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extension, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705.