• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-434

CVE-2021-27274

February 23, 2023 by

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUploadController class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12124.

CVE-2021-27198

February 23, 2023 by

An issue was discovered in Visualware MyConnection Server before v11.1a. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using a myspeed/sf?filename= URI. This application is written in Java and is thus cross-platform. The Windows installation runs as SYSTEM, which means that exploitation gives one Administrator privileges on the target system.

CVE-2021-26918

February 23, 2023 by

** DISPUTED ** The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the “Send an image when a user joins the server” feature (or possibly have unspecified other impact) because the uploader web service allows double extensions (such as .html.jpg) with the text/html content type. NOTE: there may not be cases in which an uploader web service is customer controlled; however, the nature of the issue has substantial interaction with customer controlled configuration. NOTE: the vendor states “This is just an uploader (like any other one) which uploads files to cloud storage and accepts various file types. There is no kind of vulnerability and it won’t compromise either the client side or the server side.”

CVE-2021-26828

February 23, 2023 by

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.

CVE-2021-26740

February 23, 2023 by

Arbitrary file upload vulnerability sysupload.php in millken doyocms 2.3 allows attackers to execute arbitrary code.

CVE-2021-26794

February 23, 2023 by

Privilege escalation in ‘upload.php’ in FrogCMS SentCMS v0.9.5 allows attacker to execute arbitrary code via crafted php file.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 139
  • Go to page 140
  • Go to page 141
  • Go to page 142
  • Go to page 143
  • Interim pages omitted …
  • Go to page 224
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE