Search Results (365200 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-37377 1 Teradek 2 Brik, Brik Firmware 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in Teradek Brik firmware version 7.2.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.
CVE-2021-37376 1 Teradek 6 Bond, Bond 2, Bond 2 Firmware and 3 more 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in Teradek Bond, Bond 2 and Bond Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.
CVE-2021-37375 1 Teradek 4 Vidiu, Vidiu Firmware, Vidiu Mini and 1 more 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in Teradek VidiU / VidiU Mini firmware version 3.0.8 and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.
CVE-2021-37372 1 Online Student Admission System Project 1 Online Student Admission System 2024-11-21 8.8 High
Online Student Admission System 1.0 is affected by an insecure file upload vulnerability. A low privileged user can upload malicious PHP files by updating their profile image to gain remote code execution.
CVE-2021-37371 1 Online Student Admission System Project 1 Online Student Admission System 2024-11-21 9.8 Critical
Online Student Admission System 1.0 is affected by an unauthenticated SQL injection bypass vulnerability in /admin/login.php.
CVE-2021-37367 1 Ctparental Project 1 Ctparental 2024-11-21 7.8 High
CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because The file "bl_categories_help.php" is vulnerable to directory traversal, an attacker can create a file that contains scripts and run arbitrary commands.
CVE-2021-37366 1 Ctparental Project 1 Ctparental 2024-11-21 8.8 High
CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users.
CVE-2021-37365 1 Ctparental Project 1 Ctparental 2024-11-21 6.1 Medium
CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into the output webpage.
CVE-2021-37364 1 Openclinic Ga Project 1 Openclinic Ga 2024-11-21 7.8 High
OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folders and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also have unquoted service path issues.
CVE-2021-37363 1 Gestionaleopen 1 Gestionale Open 2024-11-21 7.8 High
An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low privilege account is able to rename the mysqld.exe file located in bin folder and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also have unquoted service path issues.
CVE-2021-37358 1 Seacms 1 Seacms 2024-11-21 9.8 Critical
SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers to execute arbitrary code via the component "admin_ajax.php?action=checkrepeat&v_name=".
CVE-2021-37354 1 Xerox 2 Phaser 4622, Phaser 4622 Firmware 2024-11-21 9.8 Critical
Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer overflow in the function sub_3226AC via the TIMEZONE variable. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.
CVE-2021-37353 1 Nagios 1 Nagios Xi Docker Wizard 2024-11-21 9.8 Critical
Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php.
CVE-2021-37352 1 Nagios 1 Nagios Xi 2024-11-21 6.1 Medium
An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link.
CVE-2021-37351 1 Nagios 1 Nagios Xi 2024-11-21 5.3 Medium
Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server.
CVE-2021-37350 1 Nagios 1 Nagios Xi 2024-11-21 9.8 Critical
Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation.
CVE-2021-37349 1 Nagios 1 Nagios Xi 2024-11-21 7.8 High
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database.
CVE-2021-37348 1 Nagios 1 Nagios Xi 2024-11-21 7.5 High
Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php.
CVE-2021-37347 1 Nagios 1 Nagios Xi 2024-11-21 7.8 High
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument.
CVE-2021-37346 1 Nagios 1 Nagios Xi Watchguard Wizard 2024-11-21 9.8 Critical
Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through Improper neutralisation of special elements used in an OS Command (OS Command injection).