Search Results (363962 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-35307 1 Axiosys 1 Bento4 2024-11-21 6.5 Medium
An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer dereference exists in the AP4_DescriptorFinder::Test component located in /Core/Ap4Descriptor.h. It allows an attacker to cause a denial of service (DOS).
CVE-2021-35306 1 Axiosys 1 Bento4 2024-11-21 6.5 Medium
An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer dereference exists in the function AP4_StszAtom::WriteFields located in Ap4StszAtom.cpp. It allows an attacker to cause a denial of service (DOS).
CVE-2021-35303 1 Zammad 1 Zammad 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via the User Avatar attribute.
CVE-2021-35302 1 Zammad 1 Zammad 2024-11-21 5.3 Medium
Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information.
CVE-2021-35301 1 Zammad 1 Zammad 2024-11-21 5.3 Medium
Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information via the Ticket Article detail view.
CVE-2021-35300 1 Zammad 1 Zammad 2024-11-21 4.3 Medium
Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0.0 could allow remote attackers to manipulate users into visiting the attackers' page.
CVE-2021-35299 1 Zammad 1 Zammad 2024-11-21 7.5 High
Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing.
CVE-2021-35298 1 Zammad 1 Zammad 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store additional information.
CVE-2021-35297 1 Scalabium 1 Dbase Viewer 2024-11-21 7.8 High
Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remote code execution via a crafted DBF file that triggers a buffer overflow. An attacker can use the Structured Exception Handler (SEH) records and redirect execution to attacker-controlled code.
CVE-2021-35296 1 Ptcl 2 Hg150-ub, Hg150-ub Firmware 2024-11-21 9.8 Critical
An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass authentication via modification of the cookie value and Response Path.
CVE-2021-35283 1 Atoms183 Cms Project 1 Atoms183 Cms 2024-11-21 9.8 Critical
SQL Injection vulnerability in product_admin.php in atoms183 CMS 1.0, allows attackers to execute arbitrary commands via the Name, Fname, and ID parameters to search.php.
CVE-2021-35265 1 Maxsite 1 Maxsite Cms 2024-11-21 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page.
CVE-2021-35254 1 Solarwinds 1 Webhelpdesk 2024-11-21 8.2 High
SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future.
CVE-2021-35251 1 Solarwinds 1 Web Help Desk 2024-11-21 5.3 Medium
Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation.
CVE-2021-35250 1 Solarwinds 1 Serv-u 2024-11-21 7.5 High
A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.
CVE-2021-35249 1 Solarwinds 1 Serv-u 2024-11-21 4.3 Medium
This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a data leak to unauthorized users for a domain, with no log of them accessing the data unless they attempt to modify it. This read-only activity is logged to the original domain and does not specify which domain was accessed.
CVE-2021-35248 2 Microsoft, Solarwinds 2 Windows, Orion Platform 2024-11-21 6.8 Medium
It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.
CVE-2021-35245 2 Microsoft, Solarwinds 2 Windows, Serv-u 2024-11-21 8.4 High
When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine.
CVE-2021-35244 2 Microsoft, Solarwinds 2 Windows, Orion Platform 2024-11-21 6.8 Medium
The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution.
CVE-2021-35243 1 Solarwinds 1 Web Help Desk 2024-11-21 5.3 Medium
The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.