Search Results (363855 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-36705 1 Prolink 2 Prc2402m, Prc2402m Firmware 2024-11-21 9.8 Critical
In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the adm.cgi binary, accessible with a page parameter value of TR069 contains a trivial command injection where the value of the TR069_local_port parameter is passed directly to system.
CVE-2021-36703 1 Htmly 1 Htmly 2024-11-21 6.1 Medium
The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability. It allows remote attackers to send an authenticated post HTTP request to admin/config and inject arbitrary web script or HTML through a special website name.
CVE-2021-36702 1 Htmly 1 Htmly 2024-11-21 6.1 Medium
The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability. It allows remote attackers to send authenticated post-http requests to add / content and inject arbitrary web scripts or HTML through special content.
CVE-2021-36701 1 Htmly 1 Htmly 2024-11-21 9.1 Critical
In htmly version 2.8.1, is vulnerable to an Arbitrary File Deletion on the local host when delete backup files. The vulnerability may allow a remote attacker to delete arbitrary know files on the host.
CVE-2021-36698 1 Artica 1 Pandora Fms 2024-11-21 5.4 Medium
Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name.
CVE-2021-36697 1 Artica 1 Pandora Fms 2024-11-21 6.7 Medium
With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be executed with an HTTP request.
CVE-2021-36696 1 Deskpro 1 Deskpro 2024-11-21 5.4 Medium
Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 2021.1.7 contains a cross-site scripting (XSS) vulnerability in social media links on a user profile due to lack of input validation.
CVE-2021-36695 1 Deskpro 1 Deskpro 2024-11-21 5.4 Medium
Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 2021.1.7 contains a cross-site scripting (XSS) vulnerability in the download file feature on a manager profile due to lack of input validation.
CVE-2021-36692 1 Libjxl Project 1 Libjxl 2024-11-21 6.5 Medium
libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). When encoding a malicous APNG file using cjxl, an attacker can trigger a denial of service.
CVE-2021-36691 1 Libjxl Project 1 Libjxl 2024-11-21 7.5 High
libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When encoding a malicous GIF file using cjxl, an attacker can trigger a denial of service.
CVE-2021-36668 1 Druva 1 Insync Client 2024-11-21 7.8 High
URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary url via the port parameter to the Electron App.
CVE-2021-36667 1 Druva 1 Insync Client 2024-11-21 7.8 High
Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allows attackers to execute arbitrary commands via crafted payload to the local HTTP server due to un-sanitized call to the python os.system library.
CVE-2021-36666 1 Druva 1 Insync Client 2024-11-21 7.8 High
An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to gain escalated local privileges via the inSyncDecommission.
CVE-2021-36665 1 Druva 1 Insync Client 2024-11-21 7.8 High
An issue was discovered in Druva 6.9.0 for macOS, allows attackers to gain escalated local privileges via the inSyncUpgradeDaemon.
CVE-2021-36654 1 Cmsuno Project 1 Cmsuno 2024-11-21 5.4 Medium
CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter (tgo) while updating the theme.
CVE-2021-36646 1 Kodcloud 1 Kodexplorer 2024-11-21 6.1 Medium
A Cross Site Scrtpting (XSS) vulnerability in KodExplorer 4.45 allows remote attackers to run arbitrary code via /index.php page.
CVE-2021-36625 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 8.8 High
An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement.
CVE-2021-36624 1 Phone Shop Sales Management System Project 1 Phone Shop Sales Management System 2024-11-21 9.8 Critical
Sourcecodester Phone Shop Sales Managements System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
CVE-2021-36623 1 Phone Shop Sales Management System Project 1 Phone Shop Sales Management System 2024-11-21 9.8 Critical
Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE.
CVE-2021-36622 1 Online Covid Vaccination Scheduler System Project 1 Online Covid Vaccination Scheduler System 2024-11-21 9.8 Critical
Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affected vulnerable to Arbitrary File Upload. The admin panel has an upload function of profile photo accessible at http://localhost/scheduler/admin/?page=user. An attacker could upload a malicious file such as shell.php with the Content-Type: image/png. Then, the attacker have to visit the uploaded profile photo to access the shell.