Search Results (366369 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-44317 1 Phpgurukul 1 Bus Pass Management System 2024-11-21 5.4 Medium
In Bus Pass Management System v1.0, parameters 'pagedes' and `About Us` are affected with a Stored Cross-site scripting vulnerability.
CVE-2021-44315 1 Phpgurukul 1 Bus Pass Management System 2024-11-21 7.5 High
In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which contains sensitive information of the user or server.
CVE-2021-44312 1 Firmware Analysis And Comparison Tool Project 1 Firmware Analysis And Comparison Tool 2024-11-21 8.8 High
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. Logged in administrators could be targeted by a CSRF attack through visiting a crafted web page.
CVE-2021-44310 1 Firmware Analysis And Comparison Tool Project 1 Firmware Analysis And Comparison Tool 2024-11-21 4.8 Medium
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. With administrator privileges, the attacker could perform stored XSS attacks by inserting JavaScript and HTML code in user creation functionality.
CVE-2021-44302 1 Baicloud-cms Project 1 Baicloud-cms 2024-11-21 8.8 High
BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection vulnerabilities via the tongji and baidu_map parameters in /user/ztconfig.php.
CVE-2021-44299 1 Naviwebs 1 Navigate Cms 2024-11-21 5.4 Medium
A reflected cross-site scripting (XSS) vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2021-44280 1 Attendance Management System Project 1 Attendance Management System 2024-11-21 9.8 Critical
attendance management system 1.0 is affected by a SQL injection vulnerability in admin/incFunctions.php through the makeSafe function.
CVE-2021-44279 1 Librenms 1 Librenms 2024-11-21 6.1 Medium
Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php.
CVE-2021-44278 1 Librenms 1 Librenms 2024-11-21 9.8 Critical
Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php.
CVE-2021-44277 1 Librenms 1 Librenms 2024-11-21 6.1 Medium
Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/common/alert-log.inc.php.
CVE-2021-44273 1 E2bn 1 E2guardian 2024-11-21 7.4 High
e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode (i.e., acting as a proxy or a transparent proxy), with SSL MITM enabled, e2guardian, if built with OpenSSL v1.1.x, did not validate hostnames in certificates of the web servers that it connected to, and thus was itself vulnerable to MITM attacks.
CVE-2021-44269 3 Fedoraproject, Redhat, Wavpack 3 Fedora, Enterprise Linux, Wavpack 2024-11-21 5.5 Medium
An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files. This issue triggered in function WavpackPackSamples of file src/pack_utils.c, tainted variable cnt is too large, that makes pointer sptr read beyond heap bound.
CVE-2021-44266 1 Gunet 1 Open Eclass Platform 2024-11-21 6.1 Medium
GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter.
CVE-2021-44263 1 Gurock 1 Testrail 2024-11-21 5.4 Medium
Gurock TestRail before 7.2.4 mishandles HTML escaping.
CVE-2021-44262 1 Netgear 6 Mbr1517, Mbr1517 Firmware, Wac104 and 3 more 2024-11-21 7.5 High
A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device.
CVE-2021-44261 1 Netgear 10 R6220, R6220 Firmware, R6900 and 7 more 2024-11-21 5.3 Medium
A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device.
CVE-2021-44260 1 Wavlink 2 Wl-wn531g3, Wl-wn531g3 Firmware 2024-11-21 7.5 High
A vulnerability is in the 'live_mfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information of the manager of router.
CVE-2021-44259 1 Wavlink 2 Wl-wn531g3, Wl-wn531g3 Firmware 2024-11-21 9.8 Critical
A vulnerability is in the 'wx.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When an unauthorized user accesses this page directly, it connects to this device as a friend of the device owner.
CVE-2021-44255 2 Motioneye Project, Motioneyeos Project 2 Motioneye, Motioneyeos 2024-11-21 7.2 High
Authenticated remote code execution in MotionEye <= 0.42.1 and MotioneEyeOS <= 20200606 allows a remote attacker to upload a configuration backup file containing a malicious python pickle file which will execute arbitrary code on the server.
CVE-2021-44249 1 Online Motorcycle \(bike\) Rental System Project 1 Online Motorcycle \(bike\) Rental System 2024-11-21 9.8 Critical
Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials.