Search Results (363401 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-28294 1 Online Ordering System Project 1 Online Ordering System 2024-11-21 9.8 Critical
Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution (RCE).
CVE-2021-28293 1 Seceon 1 Aisiem 2024-11-21 9.8 Critical
Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover vulnerability in the Forgot Password feature. The lack of correct configuration leads to recovery of the password reset link generated via the password reset functionality, and thus an unauthenticated attacker can set an arbitrary password for any user.
CVE-2021-28290 1 Identityserver4.admin Project 1 Identityserver4.admin 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in Skoruba IdentityServer4.Admin before 2.0.0 via unencoded value passed to the data-secret-value parameter.
CVE-2021-28280 1 Php-fusion 1 Phpfusion 2024-11-21 6.1 Medium
CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML
CVE-2021-28278 1 Jhead Project 1 Jhead 2024-11-21 7.8 High
A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c.
CVE-2021-28277 1 Jhead Project 1 Jhead 2024-11-21 7.8 High
A Heap-based Buffer Overflow vulnerabilty exists in jhead 3.04 and 3.05 is affected by: Buffer Overflow via the RemoveUnknownSections function in jpgfile.c.
CVE-2021-28276 1 Jhead Project 1 Jhead 2024-11-21 7.5 High
A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c.
CVE-2021-28275 1 Jhead Project 1 Jhead 2024-11-21 5.5 Medium
A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c in will cause segmentation fault via a crafted_file.
CVE-2021-28271 1 Soyal 3 701clientsql, 701server, 701serversql 2024-11-21 8.8 High
Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for 'Everyone'and 'Authenticated Users' group.
CVE-2021-28269 1 Soyal 1 701client 2024-11-21 8.8 High
Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions via client.exe binary with Authenticated Users group with Full permissions.
CVE-2021-28250 1 Ca 1 Ehealth Performance Manager 2024-11-21 7.8 High
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-28249 1 Ca 1 Ehealth Performance Manager 2024-11-21 8.8 High
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is run. The code in the library will be executed as the root user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-28248 1 Broadcom 1 Ehealth 2024-11-21 7.5 High
CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account, NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-28247 1 Ca 1 Ehealth Performance Manager 2024-11-21 5.4 Medium
CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and perform a Reflected Cross-Site Scripting attack against the platform users. The affected endpoints are: cgi/nhWeb with the parameter report, aviewbin/filtermibobjects.pl with the parameter namefilter, and aviewbin/query.pl with the parameters System, SystemText, Group, and GroupText. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-28246 1 Broadcom 2 Ca Ehealth Performance Manager, Ehealth 2024-11-21 7.8 High
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-28245 1 Pbootcms 1 Pbootcms 2024-11-21 7.5 High
PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account.
CVE-2021-28242 1 B2evolution 1 B2evolution 2024-11-21 8.8 High
SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab.
CVE-2021-28237 1 Gnu 1 Libredwg 2024-11-21 9.8 Critical
LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13.
CVE-2021-28236 1 Gnu 1 Libredwg 2024-11-21 7.5 High
LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c.
CVE-2021-28233 1 Ok-file-formats Project 1 Ok-file-formats 2024-11-21 8.8 High
Heap-based Buffer Overflow vulnerability exists in ok-file-formats 1 via the ok_jpg_generate_huffman_table function in ok_jpg.c.