VYPR

CVEs

31,781 total · page 389 of 636

  • CVE-2021-24036CriJul 23, 2021
    risk 0.00cvss 9.8epss 0.03

    Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions…

  • CVE-2021-25213CriJul 22, 2021
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the catid parameter to subcat.php.

  • CVE-2021-25211CriJul 22, 2021
    risk 0.64cvss 9.8epss 0.02

    Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to execute arbitrary code, via the file upload to ordering\admin\products\edit.php.

  • CVE-2021-25209CriJul 22, 2021
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in SourceCodester Theme Park Ticketing System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_user.php .

  • CVE-2021-25205CriJul 22, 2021
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 allows remote attackers to execute arbitrary SQL statements, via the update parameter to empViewUpdate.php .

  • CVE-2021-26223CriJul 22, 2021
    risk 0.64cvss 9.8epss 0.02

    SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_pay.php.

  • CVE-2021-25212CriJul 22, 2021
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in SourceCodester Alumni Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to manage_event.php.

  • CVE-2021-25210CriJul 22, 2021
    risk 0.64cvss 9.8epss 0.01

    Arbitrary file upload vulnerability in SourceCodester Alumni Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to manage_event.php.

  • CVE-2020-7388CriJul 22, 2021
    risk 0.74cvss 10.0epss 0.70

    Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can…

  • CVE-2021-35942CriJul 22, 2021
    risk 0.59cvss 9.1epss 0.03

    The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs…

  • CVE-2021-35464CriKEVJul 22, 2021
    risk 0.93cvss 9.8epss 1.00

    ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the…

  • CVE-2021-33032CriJul 22, 2021
    risk 0.69cvss 10.0epss 0.52

    A Remote Code Execution (RCE) vulnerability in the WebUI component of the eQ-3 HomeMatic CCU2 firmware up to and including version 2.57.5 and CCU3 firmware up to and including version 3.57.5 allows remote unauthenticated attackers to execute system commands as root via a simple…

  • CVE-2021-26226CriJul 22, 2021
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_user.php.

  • CVE-2021-25202CriJul 22, 2021
    risk 0.64cvss 9.8epss 0.02

    SQL injection vulnerability in SourceCodester Sales and Inventory System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to \ahira\admin\inventory.php.

  • CVE-2020-36033CriJul 22, 2021
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the id parameter to edituser.php.

  • CVE-2021-26232CriJul 22, 2021
    risk 0.64cvss 9.8epss 0.03

    SQL injection vulnerability in SourceCodester Simple College Website v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to news.php.

  • CVE-2021-26231CriJul 22, 2021
    risk 0.64cvss 9.8epss 0.02

    SQL injection vulnerability in SourceCodester Fantastic Blog CMS v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to category.php.

  • CVE-2021-26229CriJul 22, 2021
    risk 0.64cvss 9.8epss 0.02

    SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_stud.php.

  • CVE-2021-26228CriJul 22, 2021
    risk 0.64cvss 9.8epss 0.02

    SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_class1.php.

  • CVE-2021-26765CriJul 22, 2021
    risk 0.64cvss 9.8epss 0.03

    SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the sid parameter to edit-sub.php.

  • CVE-2019-20467CriJul 22, 2021
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. The device by default has a TELNET interface available (which is not advertised or functionally used, but is nevertheless available). Two backdoor accounts (root and default) exist that…

  • CVE-2021-35522CriJul 22, 2021
    risk 0.64cvss 9.8epss 0.04

    A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of services, and information disclosure via…

  • CVE-2021-32744CriJul 21, 2021
    risk 0.64cvss 9.8epss 0.01

    Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the…

  • CVE-2021-37155CriJul 21, 2021
    risk 0.00cvss 9.8epss 0.01

    wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response.

  • CVE-2021-2447CriJul 21, 2021
    risk 0.64cvss 9.9epss 0.01

    Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle…

  • CVE-2021-2446CriJul 21, 2021
    risk 0.63cvss 9.6epss 0.02

    Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle…

  • CVE-2021-2397CriJul 21, 2021
    risk 0.64cvss 9.8epss 0.02

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with…

  • CVE-2021-2394CriJul 21, 2021
    risk 0.70cvss 9.8epss 0.77

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with…

  • CVE-2021-2382CriJul 21, 2021
    risk 0.64cvss 9.8epss 0.02

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with…

  • CVE-2021-2355CriJul 21, 2021
    risk 0.59cvss 9.1epss 0.01

    Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2021-22772CriJul 21, 2021
    risk 0.64cvss 9.8epss 0.02

    A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T200 ((Modbus) SC2-04MOD-07000100 and earlier), Easergy T200 ((IEC104) SC2-04IEC-07000100 and earlier), and Easergy T200 ((DNP3) SC2-04DNP-07000102 and earlier) that could cause unauthorized…

  • CVE-2021-22730CriJul 21, 2021
    risk 0.64cvss 9.8epss 0.01

    A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that…

  • CVE-2021-22729CriJul 21, 2021
    risk 0.64cvss 9.8epss 0.02

    A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that…

  • CVE-2021-22727CriJul 21, 2021
    risk 0.64cvss 9.8epss 0.01

    A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could…

  • CVE-2021-22707CriJul 21, 2021
    risk 0.69cvss 9.8epss 0.65

    A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that…

  • CVE-2020-21937CriJul 21, 2021
    risk 0.64cvss 9.8epss 0.05

    An command injection vulnerability in HNAP1/SetWLanApcliSettings of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to execute arbitrary system commands.

  • CVE-2020-21935CriJul 21, 2021
    risk 0.64cvss 9.8epss 0.04

    A command injection vulnerability in HNAP1/GetNetworkTomographySettings of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to execute arbitrary code.

  • CVE-2021-2463CriJul 21, 2021
    risk 0.64cvss 9.8epss 0.02

    Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.0.0, 11.1.0, 11.2.0 and 11.3.0-11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network…

  • CVE-2021-2456CriJul 21, 2021
    risk 0.70cvss 9.8epss 0.81

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access…

  • CVE-2020-35427CriJul 20, 2021
    risk 0.64cvss 9.8epss 0.03

    SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.

  • CVE-2020-5349CriJul 19, 2021
    risk 0.64cvss 9.8epss 0.01

    Dell EMC Networking S4100 and S5200 Series Switches manufactured prior to February 2020 contain a hardcoded credential vulnerability. A remote unauthenticated malicious user could exploit this vulnerability and gain administrative privileges.

  • CVE-2020-5322CriJul 19, 2021
    risk 0.59cvss 9.1epss 0.02

    Dell EMC OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a command injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit the vulnerability to execute arbitrary shell commands on the affected system.

  • CVE-2020-5320CriJul 19, 2021
    risk 0.59cvss 9.0epss 0.01

    Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a SQL injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to…

  • CVE-2021-20110CriJul 19, 2021
    risk 0.64cvss 9.8epss 0.07

    Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on…

  • CVE-2021-35965CriJul 19, 2021
    risk 0.64cvss 9.8epss 0.02

    The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain administrator’s privilege without logging in.

  • CVE-2021-35963CriJul 19, 2021
    risk 0.64cvss 9.8epss 0.02

    The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remote unauthenticated attackers to upload files containing malicious script to execute RCE attacks.

  • CVE-2021-33501CriJul 19, 2021
    risk 0.63cvss 9.6epss 0.08

    Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore:// URL.

  • CVE-2021-33027CriJul 19, 2021
    risk 0.64cvss 9.8epss 0.01

    Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce.

  • CVE-2021-33592CriJul 19, 2021
    risk 0.64cvss 9.8epss 0.02

    NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check function.

  • CVE-2021-33911CriJul 17, 2021
    risk 0.64cvss 9.8epss 0.05

    Zoho ManageEngine ADManager Plus before 7110 allows remote code execution.