VYPR

CVEs

31,782 total · page 378 of 636

  • CVE-2020-21865CriOct 7, 2021
    risk 0.64cvss 9.8epss 0.02

    ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerability in the component /public/?s=captcha.

  • CVE-2021-42094CriOct 7, 2021
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages.

  • CVE-2021-42071CriOct 7, 2021
    risk 0.72cvss 9.8epss 0.70

    In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header.

  • CVE-2021-42013CriKEVOct 7, 2021
    risk 0.86cvss 9.8epss 1.00

    It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by…

  • CVE-2021-3833CriOct 7, 2021
    risk 0.64cvss 9.8epss 0.01

    Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with…

  • CVE-2021-37931CriOct 7, 2021
    risk 0.64cvss 9.8epss 0.09

    Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

  • CVE-2021-37930CriOct 7, 2021
    risk 0.64cvss 9.8epss 0.09

    Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

  • CVE-2021-37929CriOct 7, 2021
    risk 0.64cvss 9.8epss 0.09

    Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

  • CVE-2021-37928CriOct 7, 2021
    risk 0.64cvss 9.8epss 0.09

    Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

  • CVE-2021-37926CriOct 7, 2021
    risk 0.70cvss 9.8epss 0.74

    Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

  • CVE-2021-37924CriOct 7, 2021
    risk 0.65cvss 9.8epss 0.11

    Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

  • CVE-2021-37923CriOct 7, 2021
    risk 0.65cvss 9.8epss 0.11

    Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

  • CVE-2021-37921CriOct 7, 2021
    risk 0.65cvss 9.8epss 0.11

    Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

  • CVE-2021-37920CriOct 7, 2021
    risk 0.65cvss 9.8epss 0.11

    Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

  • CVE-2021-37919CriOct 7, 2021
    risk 0.65cvss 9.8epss 0.11

    Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

  • CVE-2021-37918CriOct 7, 2021
    risk 0.70cvss 9.8epss 0.74

    Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

  • CVE-2021-37762CriOct 7, 2021
    risk 0.64cvss 9.8epss 0.08

    Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution.

  • CVE-2021-3832CriOct 7, 2021
    risk 0.64cvss 9.8epss 0.02

    Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability.

  • CVE-2021-22958CriOct 7, 2021
    risk 0.00cvss 9.8epss 0.01

    A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed.CVSSv2.0…

  • CVE-2021-22930CriOct 7, 2021
    risk 0.67cvss 9.8epss 0.37

    Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.

  • CVE-2021-32172CriOct 7, 2021
    risk 0.72cvss 9.8epss 0.66

    Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the Elfinder plugin.

  • CVE-2020-21653CriOct 6, 2021
    risk 0.59cvss 9.1epss 0.01

    Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sj() method.

  • CVE-2020-21652CriOct 6, 2021
    risk 0.64cvss 9.8epss 0.03

    Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq() method.

  • CVE-2020-21651CriOct 6, 2021
    risk 0.64cvss 9.8epss 0.03

    Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\point.php, which can be exploited via the add() method.

  • CVE-2020-21648CriOct 6, 2021
    risk 0.59cvss 9.1epss 0.01

    WDJA CMS v1.5.2 contains an arbitrary file deletion vulnerability in the component admin/cache/manage.php.

  • CVE-2021-41128CriOct 6, 2021
    risk 0.00cvss 9.1epss 0.01

    Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases. In affected versions all CSV Exports (Statistics & BAG MED) contain a CSV Injection Vulnerability. Users of the system are able to submit formula as exported…

  • CVE-2021-38923CriOct 6, 2021
    risk 0.59cvss 9.1epss 0.01

    IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain access to another VM due to assigning duplicate WWPNs. IBM X-Force ID: 210162.

  • CVE-2021-29908CriOct 6, 2021
    risk 0.64cvss 9.8epss 0.02

    The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a specially-crafted URL, an attacker may gain administrative access to the Management Interface without authentication. IBM X-Force ID: 207747.

  • CVE-2021-29903CriOct 6, 2021
    risk 0.64cvss 9.8epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID:…

  • CVE-2021-29798CriOct 6, 2021
    risk 0.64cvss 9.8epss 0.01

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID:…

  • CVE-2021-3625CriOct 5, 2021
    risk 0.63cvss 9.6epss 0.02

    Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363

  • CVE-2021-39226CriKEVOct 5, 2021
    risk 0.13cvss 9.8epss 1.00

    Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot…

  • CVE-2021-41553CriOct 5, 2021
    risk 0.64cvss 9.8epss 0.01

    In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assign a session token that could be already in use by another user. It was therefore possible to access the application through a user whose credentials were not known, without…

  • CVE-2021-41773CriKEVOct 5, 2021
    risk 0.86cvss 9.8epss 1.00

    A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the…

  • CVE-2021-23857CriOct 4, 2021
    risk 0.65cvss 10.0epss 0.01

    Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to subsequently login to the system.

  • CVE-2021-23856CriOct 4, 2021
    risk 0.65cvss 10.0epss 0.01

    The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL.

  • CVE-2021-41592CriOct 4, 2021
    risk 0.61cvss 9.4epss 0.01

    Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure.

  • CVE-2021-41591CriOct 4, 2021
    risk 0.00cvss 9.4epss 0.02

    ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure.

  • CVE-2021-35296CriOct 4, 2021
    risk 0.64cvss 9.8epss 0.02

    An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass authentication via modification of the cookie value and Response Path.

  • CVE-2021-41868CriOct 4, 2021
    risk 0.00cvss 9.8epss 0.02

    OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality.

  • CVE-2021-38823CriOct 4, 2021
    risk 0.64cvss 9.8epss 0.01

    The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an admin account does not invalidate an admin session that is opened in a different browser.

  • CVE-2021-37333CriOct 4, 2021
    risk 0.64cvss 9.8epss 0.01

    Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at sandbox.bookingcore.org/user/profile/change-password does not invalidate a session that is opened in a different browser.

  • CVE-2021-41511CriOct 4, 2021
    risk 0.64cvss 9.8epss 0.03

    The username and password field of login in Lodging Reservation Management System V1 can give access to any user by using SQL injection to bypass authentication.

  • CVE-2021-40323CriOct 4, 2021
    risk 0.00cvss 9.8epss 0.88

    Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.

  • CVE-2021-41862CriOct 2, 2021
    risk 0.64cvss 9.8epss 0.02

    AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library (BCEL).

  • CVE-2020-21012CriOct 1, 2021
    risk 0.64cvss 9.8epss 0.03

    Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.

  • CVE-2021-41647CriOct 1, 2021
    risk 0.59cvss 9.1epss 0.02

    An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php and retrieve sensitive database information, as well as add an…

  • CVE-2021-3825CriOct 1, 2021
    risk 0.63cvss 9.6epss 0.02

    On 2.1.15 version and below of Lider module in LiderAhenk software is leaking it's configurations via an unsecured API. An attacker with an access to the configurations API could get valid LDAP credentials.

  • CVE-2021-41649CriOct 1, 2021
    risk 0.68cvss 9.8epss 0.52

    An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input.

  • CVE-2021-40960CriOct 1, 2021
    risk 0.64cvss 9.8epss 0.10

    Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow.