Search Results (363994 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-42654 1 Sscms 1 Siteserver Cms 2024-11-21 9.8 Critical
SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code.
CVE-2021-42651 1 Pentest Collaboration Framework Project 1 Pentest Collaboration Framework 2024-11-21 8.8 High
A Server Side Template Injection (SSTI) vulnerability in Pentest-Collaboration-Framework v1.0.8 allows an authenticated remote attacker to execute arbitrary code through /project/PROJECTNAME/reports/.
CVE-2021-42650 1 Portainer 1 Portainer 2024-11-21 6.1 Medium
Cross Site Scripting (XSS vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates.
CVE-2021-42648 1 Coder 1 Code-server 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability exists in Coder Code-Server before 3.12.0, allows attackers to execute arbitrary code via crafted URL.
CVE-2021-42646 1 Wso2 3 Api Manager, Identity Server, Identity Server As Key Manager 2024-11-21 9.1 Critical
XML External Entity (XXE) vulnerability in the file based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; and WSO2 IS as Key Manager 5.7.0, 5.9.0, and 5.10.0; and WSO2 Identity Server 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0. Allows attackers to gain read access to sensitive information or cause a denial of service via crafted GET requests.
CVE-2021-42645 1 Cmsimple-xh 1 Cmsimple Xh 2024-11-21 10.0 Critical
CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host.
CVE-2021-42644 1 Cmseasy 1 Cmseasy 2024-11-21 6.5 Medium
cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the configuration file information of the website such as the database configuration file (config / config_database) can be read through this vulnerability.
CVE-2021-42643 1 Cmseasy 1 Cmseasy 2024-11-21 8.8 High
cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script file is written to the website server, and accessing this file can lead to a code execution vulnerability.
CVE-2021-42642 1 Printerlogic 1 Web Stack 2024-11-21 7.5 High
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the plaintext console username and password for a printer.
CVE-2021-42641 1 Printerlogic 1 Web Stack 2024-11-21 7.5 High
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the username and email address of all users.
CVE-2021-42640 1 Printerlogic 1 Web Stack 2024-11-21 9.1 Critical
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer.
CVE-2021-42639 1 Printerlogic 1 Web Stack 2024-11-21 6.1 Medium
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to multiple reflected cross site scripting vulnerabilities. Attacker controlled input is reflected back in the page without sanitization.
CVE-2021-42638 3 Apple, Linux, Printerlogic 3 Macos, Linux Kernel, Web Stack 2024-11-21 8.1 High
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in pre-auth remote code execution.
CVE-2021-42637 1 Printerlogic 1 Web Stack 2024-11-21 9.8 Critical
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL, resulting in a Server Side Request Forgery (SSRF) vulnerability.
CVE-2021-42635 3 Apple, Linux, Printerlogic 3 Macos, Linux Kernel, Web Stack 2024-11-21 8.1 High
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to pre-auth remote code execution.
CVE-2021-42633 1 Printerlogic 1 Web Stack 2024-11-21 5.3 Medium
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to SQL Injection, which may allow an attacker to access additional audit records.
CVE-2021-42631 3 Apple, Linux, Printerlogic 4 Macos, Linux Kernel, Virtual Appliance and 1 more 2024-11-21 8.1 High
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes attacker controlled leading to pre-auth remote code execution.
CVE-2021-42627 1 Dlink 8 Dir-615, Dir-615 Firmware, Dir-615 J1 and 5 more 2024-11-21 9.8 Critical
The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page.
CVE-2021-42624 1 Miniftpd Project 1 Miniftpd 2024-11-21 7.8 High
A local buffer overflow vulnerability exists in the latest version of Miniftpd in ftpproto.c through the tmp variable, where a crafted payload can be sent to the affected function.
CVE-2021-42614 2 Fedoraproject, Halibut Project 2 Fedora, Halibut 2024-11-21 7.8 High
A use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted text document.