Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CVEs (4,107)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-37931 1Zohocorp 1Manageengine Admanager Plus Jun 17, 2026 Oct 7, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVE-2021-37930 1Zohocorp 1Manageengine Admanager Plus Jun 17, 2026 Oct 7, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVE-2021-37929 1Zohocorp 1Manageengine Admanager Plus Jun 17, 2026 Oct 7, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVE-2021-37928 1Zohocorp 1Manageengine Admanager Plus Jun 17, 2026 Oct 7, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVE-2021-37926 1Zohocorp 1Manageengine Admanager Plus Jun 17, 2026 Oct 7, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVE-2021-37924 1Zohocorp 1Manageengine Admanager Plus Jun 17, 2026 Oct 7, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVE-2021-37923 1Zohocorp 1Manageengine Admanager Plus Jun 17, 2026 Oct 7, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVE-2021-37921 1Zohocorp 1Manageengine Admanager Plus Jun 17, 2026 Oct 7, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVE-2021-37920 1Zohocorp 1Manageengine Admanager Plus Jun 17, 2026 Oct 7, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVE-2021-37919 1Zohocorp 1Manageengine Admanager Plus Jun 17, 2026 Oct 7, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVE-2021-37918 1Zohocorp 1Manageengine Admanager Plus Jun 17, 2026 Oct 7, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVE-2021-37762 1Zohocorp 1Manageengine Admanager Plus Jun 17, 2026 Oct 7, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution.
CVE-2021-3832 1Artica 1Integria Ims Jun 17, 2026 Oct 7, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability.
CVE-2021-40324 1Cobbler Project 1Cobbler Jun 17, 2026 Oct 4, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.
CVE-2021-41290 1Ecoa 3Ecs Router Controller Ecs Firmware Riskbuster FirmwareRiskterminator Jun 17, 2026 Sep 30, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely set arbitrary values for location and content type and gain the...Show more ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely set arbitrary values for location and content type and gain the possibility to execute arbitrary code on the affected device.Show less
CVE-2021-37105 1Huawei 1Fusioncompute Jun 17, 2026 Sep 28, 2021 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may u...Show more There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal.Show less
CVE-2020-20691 1Monstra 1Monstra Cms Jun 17, 2026 Sep 27, 2021 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files.
CVE-2021-37761 1Zohocorp 1Manageengine Admanager Plus Jun 17, 2026 Sep 27, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution.
CVE-2021-37539 1Zohocorp 1Manageengine Admanager Plus Jun 17, 2026 Sep 27, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution.
CVE-2021-26794 1Frogcms Project 1Frogcms Jun 17, 2026 Sep 23, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows attacker to execute arbitrary code via crafted php file.

Previous 1...157158159...206 Next