Search Results (364967 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-34128 1 Laiketui 1 Laiketui 2024-11-21 8.8 High
LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname.
CVE-2021-34123 1 Atasm Project 1 Atasm 2024-11-21 9.8 Critical
An issue was discovered on atasm, version 1.09. A stack-buffer-overflow vulnerability in function aprintf() in asm.c allows attackers to execute arbitrary code on the system via a crafted file.
CVE-2021-34122 1 Rockcarry 1 Ffjpeg 2024-11-21 5.5 Medium
The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e has a NULL pointer dereference.
CVE-2021-34121 1 Htmldoc Project 1 Htmldoc 2024-11-21 7.8 High
An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parse_tree() in toc.cxx, this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution.
CVE-2021-34119 1 Htmldoc Project 1 Htmldoc 2024-11-21 7.8 High
A flaw was discovered in htmodoc 1.9.12 in function parse_paragraph in ps-pdf.cxx ,this flaw possibly allows possible code execution and a denial of service via a crafted file.
CVE-2021-34111 1 Thecus 2 N4800eco, N4800eco Firmware 2024-11-21 9.8 Critical
Thecus 4800Eco was discovered to contain a command injection vulnerability via the username parameter in /adm/setmain.php.
CVE-2021-34110 1 Nica 1 Winwaste.net 2024-11-21 7.8 High
WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowing a local unprivileged user to replace the executable with a malicious file that will be executed with "LocalSystem" privileges.
CVE-2021-34087 1 Ultimaker 6 Ultimaker 3, Ultimaker 3 Firmware, Ultimaker S3 and 3 more 2024-11-21 7.1 High
In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver can be used for clickjacking. This includes the settings page.
CVE-2021-34086 1 Ultimaker 6 Ultimaker 3, Ultimaker 3 Firmware, Ultimaker S3 and 3 more 2024-11-21 8.8 High
In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver hosts APIs vulnerable to CSRF. They do not verify incoming requests.
CVE-2021-34085 1 Glensawyer 1 Mp3gain 2024-11-21 9.8 Critical
Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872. CVE-2017-14409, and CVE-2018-10778.
CVE-2021-34084 1 S3-uploader Project 1 S3-uploader 2024-11-21 9.8 Critical
OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function.
CVE-2021-34083 1 Google-it Project 1 Google-it 2024-11-21 8.1 High
Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2, google-it will unsafely concat the result's link retrieved from google to a shell command, potentially exposing the server to RCE.
CVE-2021-34082 1 Proctree Project 1 Proctree 2024-11-21 9.8 Critical
OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows attackers to execute arbitrary commands via the fix function.
CVE-2021-34081 1 Gitsome Project 1 Gitsome 2024-11-21 8.8 High
OS Command Injection vulnerability in bbultman gitsome through 0.2.3 allows attackers to execute arbitrary commands via a crafted tag name of the target git repository.
CVE-2021-34080 1 Ssl-utils Project 1 Ssl-utils 2024-11-21 9.8 Critical
OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions.
CVE-2021-34079 1 Docker-tester Project 1 Docker-tester 2024-11-21 9.8 Critical
OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file.
CVE-2021-34078 1 Adp 1 Lifion-verifiy-dependencies 2024-11-21 8.8 High
lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project's package.json file.
CVE-2021-34075 1 Artica 1 Pandora Fms 2024-11-21 5.9 Medium
In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access.
CVE-2021-34074 1 Pandorafms 1 Pandora Fms 2024-11-21 9.8 Critical
PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests.
CVE-2021-34073 1 Gadget Works Online Ordering System Project 1 Gadget Works Online Ordering System 2024-11-21 5.4 Medium
A Cross Site Scripting (XSS) vulnerabilty exists in Sourcecodester Gadget Works Online Ordering System in PHP/MySQLi 1.0 via the Category parameter in an add function in category/index.php.