Search Results (362544 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-35298 1 Zammad 1 Zammad 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store additional information.
CVE-2021-35297 1 Scalabium 1 Dbase Viewer 2024-11-21 7.8 High
Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remote code execution via a crafted DBF file that triggers a buffer overflow. An attacker can use the Structured Exception Handler (SEH) records and redirect execution to attacker-controlled code.
CVE-2021-35296 1 Ptcl 2 Hg150-ub, Hg150-ub Firmware 2024-11-21 9.8 Critical
An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass authentication via modification of the cookie value and Response Path.
CVE-2021-35283 1 Atoms183 Cms Project 1 Atoms183 Cms 2024-11-21 9.8 Critical
SQL Injection vulnerability in product_admin.php in atoms183 CMS 1.0, allows attackers to execute arbitrary commands via the Name, Fname, and ID parameters to search.php.
CVE-2021-35269 4 Debian, Fedoraproject, Redhat and 1 more 5 Debian Linux, Fedora, Advanced Virtualization and 2 more 2024-11-21 7.8 High
NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges.
CVE-2021-35267 4 Debian, Fedoraproject, Redhat and 1 more 5 Debian Linux, Fedora, Advanced Virtualization and 2 more 2024-11-21 7.8 High
NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root.
CVE-2021-35266 4 Debian, Fedoraproject, Redhat and 1 more 5 Debian Linux, Fedora, Advanced Virtualization and 2 more 2024-11-21 7.8 High
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution.
CVE-2021-35265 1 Maxsite 1 Maxsite Cms 2024-11-21 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page.
CVE-2021-35254 1 Solarwinds 1 Webhelpdesk 2024-11-21 8.2 High
SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future.
CVE-2021-35251 1 Solarwinds 1 Web Help Desk 2024-11-21 5.3 Medium
Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation.
CVE-2021-35250 1 Solarwinds 1 Serv-u 2024-11-21 7.5 High
A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.
CVE-2021-35249 1 Solarwinds 1 Serv-u 2024-11-21 4.3 Medium
This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a data leak to unauthorized users for a domain, with no log of them accessing the data unless they attempt to modify it. This read-only activity is logged to the original domain and does not specify which domain was accessed.
CVE-2021-35248 2 Microsoft, Solarwinds 2 Windows, Orion Platform 2024-11-21 6.8 Medium
It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.
CVE-2021-35245 2 Microsoft, Solarwinds 2 Windows, Serv-u 2024-11-21 8.4 High
When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine.
CVE-2021-35244 2 Microsoft, Solarwinds 2 Windows, Orion Platform 2024-11-21 6.8 Medium
The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution.
CVE-2021-35243 1 Solarwinds 1 Web Help Desk 2024-11-21 5.3 Medium
The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.
CVE-2021-35242 1 Solarwinds 1 Serv-u 2024-11-21 8.3 High
Serv-U server responds with valid CSRFToken when the request contains only Session.
CVE-2021-35240 2 Microsoft, Solarwinds 2 Internet Explorer, Orion Platform 2024-11-21 6.5 Medium
A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support 'rel=noopener'.
CVE-2021-35239 1 Solarwinds 1 Orion Platform 2024-11-21 7.5 High
A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink.
CVE-2021-35238 1 Solarwinds 1 Orion Platform 2024-11-21 4.8 Medium
User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website.