Search Results (362636 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-29394 1 Globalnorthstar 1 Northstar Club Management 2024-11-21 6.5 Medium
Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user accounts via lack of proper authorization in the user-controlled "userID" parameter of the HTTP POST request.
CVE-2021-29393 1 Globalnorthstar 1 Northstar Club Management 2024-11-21 9.8 Critical
Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled "command" and "commandvalues" parameters.
CVE-2021-29390 3 Fedoraproject, Libjpeg-turbo, Redhat 3 Fedora, Libjpeg-turbo, Enterprise Linux 2024-11-21 7.1 High
libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.
CVE-2021-29388 1 Budget Management System Project 1 Budget Management System 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in SourceCodester Budget Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php via vulnerable field 'Budget Title'.
CVE-2021-29387 1 Equipment Inventory System Project 1 Equipment Inventory System 2024-11-21 5.4 Medium
Multiple stored cross-site scripting (XSS) vulnerabilities in Sourcecodester Equipment Inventory System 1.0 allow remote attackers to inject arbitrary javascript via any "Add" sections, such as Add Item , Employee and Position or others in the Name Parameters.
CVE-2021-29379 1 Dlink 2 Dir-802, Dir-802 Firmware 2024-11-21 8.8 High
An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-29378 1 Pearadmin 1 Pear Admin Think 2024-11-21 8.8 High
SQL Injection in pear-admin-think version 2.1.2, allows attackers to execute arbitrary code and escalate privileges via crafted GET request to Crud.php.
CVE-2021-29377 1 Pearadmin 1 Pearadmin Think 2024-11-21 9.8 Critical
Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely. A .php file can be uploaded via admin.php/index/upload because app/common/service/UploadService.php mishandles fileExt.
CVE-2021-29376 2 Debian, Eterna 2 Debian Linux, Ircii 2024-11-21 7.5 High
ircII before 20210314 allows remote attackers to cause a denial of service (segmentation fault and client crash, disconnecting the victim from an IRC server) via a crafted CTCP UTC message.
CVE-2021-29370 1 Cheetah Browser Project 1 Cheetah Browser 2024-11-21 6.1 Medium
A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website.
CVE-2021-29369 1 Gnuplot Project 1 Gnuplot 2024-11-21 9.8 Critical
The gnuplot package prior to version 0.1.0 for Node.js allows code execution via shell metacharacters in Gnuplot commands.
CVE-2021-29367 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted WPG file.
CVE-2021-29366 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.
CVE-2021-29365 1 Irfanview 1 Irfanview 2024-11-21 5.5 Medium
Irfanview 4.57 is affected by an infinite loop when processing a crafted BMP file in the EFFECTS!AutoCrop_W component. This can cause a denial of service (DOS).
CVE-2021-29364 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
A buffer overflow vulnerability in Formats!ReadRAS_W+0x1001 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.
CVE-2021-29363 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa74 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.0xa74
CVE-2021-29362 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa30 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.
CVE-2021-29361 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x340 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.
CVE-2021-29360 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x37a of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.
CVE-2021-29358 1 Irfanview 1 Irfanview 2024-11-21 5.5 Medium
A buffer overflow vulnerability in FORMATS!ReadPVR_W+0xfa of Irfanview 4.57 allows attackers to cause a denial of service (DOS) via a crafted PVR file.