VYPR

CVEs

31,782 total · page 374 of 636

  • CVE-2021-42668CriNov 5, 2021
    risk 0.64cvss 9.8epss 0.05

    A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page.. As a result, an attacker can extract sensitive data from the web server and in some cases can use this vulnerability in order to get a…

  • CVE-2021-42667CriNov 5, 2021
    risk 0.65cvss 9.8epss 0.16

    A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web…

  • CVE-2021-42665CriNov 5, 2021
    risk 0.64cvss 9.8epss 0.05

    An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication.

  • CVE-2021-42237CriKEVNov 5, 2021
    risk 0.93cvss 9.8epss 0.98

    Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.

  • CVE-2021-43400CriNov 4, 2021
    risk 0.00cvss 9.1epss 0.02

    An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call.

  • CVE-2021-21697CriNov 4, 2021
    risk 0.52cvss 9.1epss 0.02

    Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.

  • CVE-2021-21696CriNov 4, 2021
    risk 0.57cvss 9.8epss 0.02

    Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified…

  • CVE-2021-21694CriNov 4, 2021
    risk 0.57cvss 9.8epss 0.02

    FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

  • CVE-2021-21693CriNov 4, 2021
    risk 0.57cvss 9.8epss 0.02

    When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

  • CVE-2021-21692CriNov 4, 2021
    risk 0.57cvss 9.8epss 0.02

    FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check 'read' agent-to-controller access permission on the source path, instead of 'delete'.

  • CVE-2021-21691CriNov 4, 2021
    risk 0.57cvss 9.8epss 0.02

    Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

  • CVE-2021-21690CriNov 4, 2021
    risk 0.57cvss 9.8epss 0.02

    Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

  • CVE-2021-21689CriNov 4, 2021
    risk 0.52cvss 9.1epss 0.01

    FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

  • CVE-2021-21687CriNov 4, 2021
    risk 0.00cvss 9.1epss 0.01

    Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar.

  • CVE-2021-21685CriNov 4, 2021
    risk 0.52cvss 9.1epss 0.01

    Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs.

  • CVE-2021-40119CriNov 4, 2021
    risk 0.64cvss 9.8epss 0.02

    A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker…

  • CVE-2021-40113CriNov 4, 2021
    risk 0.65cvss 10.0epss 0.05

    Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if…

  • CVE-2021-40112CriNov 4, 2021
    risk 0.65cvss 10.0epss 0.01

    Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if…

  • CVE-2021-34795CriNov 4, 2021
    risk 0.65cvss 10.0epss 0.02

    Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if…

  • CVE-2020-25368CriNov 4, 2021
    risk 0.65cvss 9.8epss 0.10

    A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login.

  • CVE-2020-25366CriNov 4, 2021
    risk 0.59cvss 9.1epss 0.02

    An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors.

  • CVE-2020-25367CriNov 4, 2021
    risk 0.65cvss 9.8epss 0.10

    A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.

  • CVE-2021-42772CriNov 3, 2021
    risk 0.64cvss 9.8epss 0.01

    Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDumpFile command that could allow a user to attempt various attacks. In…

  • CVE-2021-41492CriNov 3, 2021
    risk 0.64cvss 9.8epss 0.02

    Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 via the (1) Product Code in the pos page in cashiering. (2) id parameter in manage_products and the (3) t paramater in actions.php.

  • CVE-2021-43140CriNov 3, 2021
    risk 0.67cvss 9.8epss 0.05

    SQL Injection vulnerability exists in Sourcecodester. Simple Subscription Website 1.0. via the login.

  • CVE-2020-18262CriNov 3, 2021
    risk 0.64cvss 9.8epss 0.01

    ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter.

  • CVE-2020-18261CriNov 3, 2021
    risk 0.64cvss 9.8epss 0.01

    An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands.

  • CVE-2020-24743CriNov 3, 2021
    risk 0.64cvss 9.8epss 0.03

    An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter.

  • CVE-2020-24000CriNov 3, 2021
    risk 0.64cvss 9.8epss 0.02

    SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php.

  • CVE-2020-23679CriNov 3, 2021
    risk 0.64cvss 9.8epss 0.02

    Buffer overflow vulnerability in Renleilei1992 Linux_Network_Project 1.0, allows attackers to execute arbitrary code, via the password field.

  • CVE-2020-20982CriNov 3, 2021
    risk 0.63cvss 9.6epss 0.06

    Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute arbitrary code and gain escalated privileges, via the backurl parameter to /php/passport/index.php.

  • CVE-2021-43082CriNov 3, 2021
    risk 0.64cvss 9.8epss 0.02

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0.

  • CVE-2021-43130CriNov 3, 2021
    risk 0.64cvss 9.8epss 0.02

    An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System (CRM) 1.0 via the username parameter in customer/login.php.

  • CVE-2021-40849CriNov 3, 2021
    risk 0.64cvss 9.8epss 0.01

    In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is vulnerable to being exploited and logged into, resulting in information disclosure (at a minimum) and often escalation of privileges.

  • CVE-2021-39238CriNov 3, 2021
    risk 0.65cvss 9.8epss 0.12

    Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, HP PageWide Managed products may be vulnerable to potential buffer overflow.

  • CVE-2020-5955CriNov 3, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges.

  • CVE-2021-41036CriNov 3, 2021
    risk 0.64cvss 9.8epss 0.01

    In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check rem_len size in readpacket.

  • CVE-2021-20704CriNov 3, 2021
    risk 0.64cvss 9.8epss 0.02

    Buffer overflow vulnerability in the compatible API with previous versions CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and…

  • CVE-2021-20703CriNov 3, 2021
    risk 0.64cvss 9.8epss 0.02

    Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows…

  • CVE-2021-20702CriNov 3, 2021
    risk 0.64cvss 9.8epss 0.02

    Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows…

  • CVE-2021-20701CriNov 3, 2021
    risk 0.64cvss 9.8epss 0.02

    Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to…

  • CVE-2021-20700CriNov 3, 2021
    risk 0.64cvss 9.8epss 0.02

    Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to…

  • CVE-2021-43267CriNov 2, 2021
    risk 0.05cvss 9.8epss 0.58

    An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.

  • CVE-2020-6492CriNov 2, 2021
    risk 0.62cvss 9.6epss 0.01

    Use after free in ANGLE in Google Chrome prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2021-37981CriNov 2, 2021
    risk 0.62cvss 9.6epss 0.01

    Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-23754CriNov 2, 2021
    risk 0.63cvss 9.6epss 0.02

    Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows attackers to execute arbitrary code, via the polls feature.

  • CVE-2020-23719CriNov 2, 2021
    risk 0.63cvss 9.6epss 0.01

    Cross site scripting (XSS) vulnerability in application/controllers/AdminController.php in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the bbsmeta parameter.

  • CVE-2020-23718CriNov 2, 2021
    risk 0.63cvss 9.6epss 0.01

    Cross site scripting (XSS) vulnerability in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the route parameter to index.php.

  • CVE-2020-23685CriNov 2, 2021
    risk 0.64cvss 9.8epss 0.02

    SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to execute arbitrary code and gain escalated privileges, via the username parameter to login.php.

  • CVE-2020-18440CriNov 2, 2021
    risk 0.64cvss 9.8epss 0.02

    Buffer overflow vulnerability in framework/init.php in qinggan phpok 5.1, allows attackers to execute arbitrary code.