• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-434

CVE-2021-40940

February 23, 2023 by

Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability.

CVE-2021-40954

February 23, 2023 by

Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker to execute arbitrary code.

CVE-2021-40883

February 23, 2023 by

A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins.

CVE-2021-40905

February 23, 2023 by

** DISPUTED ** The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of “.mkp” files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session of a user with administrator role. NOTE: the vendor states that this is the intended behavior: admins are supposed to be able to execute code in this manner.

CVE-2021-4080

February 23, 2023 by

crater is vulnerable to Unrestricted Upload of File with Dangerous Type

CVE-2021-40845

February 23, 2023 by

The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 114
  • Go to page 115
  • Go to page 116
  • Go to page 117
  • Go to page 118
  • Interim pages omitted …
  • Go to page 224
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE