Search Results (363142 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-25899 1 Void 1 Aurall Rec Monitor 2024-11-21 7.5 High
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1.
CVE-2021-25898 1 Void 1 Aural Rec Monitor 2024-11-21 7.5 High
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server.
CVE-2021-25894 1 Magnolia-cms 1 Magnolia Cms 2024-11-21 6.1 Medium
Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter.
CVE-2021-25893 1 Magnolia-cms 1 Magnolia Cms 2024-11-21 5.4 Medium
Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/.
CVE-2021-25878 1 Youphptube 1 Youphptube 2024-11-21 6.1 Medium
AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cross Script Scripting vulnerabilities via the videoName parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator.
CVE-2021-25877 1 Youphptube 1 Youphptube 2024-11-21 7.2 High
AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php.
CVE-2021-25876 1 Youphptube 1 Youphptube 2024-11-21 6.1 Medium
AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the u parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator.
CVE-2021-25875 1 Youphptube 1 Youphptube 2024-11-21 6.1 Medium
AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the searchPhrase parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator.
CVE-2021-25874 1 Youphptube 1 Youphptube 2024-11-21 7.5 High
AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases information such as application passwords hashes.
CVE-2021-25864 1 Dgtl 1 Huemagic 2024-11-21 7.5 High
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.
CVE-2021-25863 1 Open5gs 1 Open5gs 2024-11-21 8.8 High
Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account.
CVE-2021-25857 1 Supermicro-cms Project 1 Supermicro-cms 2024-11-21 7.2 High
An issue was discovered in pcmt superMicro-CMS version 3.11, allows authenticated attackers to execute arbitrary code via the font_type parameter to setup.php.
CVE-2021-25856 1 Supermicro-cms Project 1 Supermicro-cms 2024-11-21 4.9 Medium
An issue was discovered in pcmt superMicro-CMS version 3.11, allows attackers to delete files via crafted image file in images.php.
CVE-2021-25849 1 Moxa 32 Vport 06ec-2v26m, Vport 06ec-2v26m Firmware, Vport 06ec-2v36m-ct and 29 more 2024-11-21 7.5 High
An integer underflow was discovered in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, improper validation of the PortID TLV leads to Denial of Service via a crafted lldp packet.
CVE-2021-25848 1 Moxa 32 Vport 06ec-2v26m, Vport 06ec-2v26m Firmware, Vport 06ec-2v36m-ct and 29 more 2024-11-21 9.1 Critical
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp packet.
CVE-2021-25847 1 Moxa 32 Vport 06ec-2v26m, Vport 06ec-2v26m Firmware, Vport 06ec-2v36m-ct and 29 more 2024-11-21 9.1 Critical
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to controllable loop counter variable via a crafted lldp packet.
CVE-2021-25846 1 Moxa 32 Vport 06ec-2v26m, Vport 06ec-2v26m Firmware, Vport 06ec-2v36m-ct and 29 more 2024-11-21 7.5 High
Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a negative number passed to the memcpy function via a crafted lldp packet.
CVE-2021-25845 1 Moxa 32 Vport 06ec-2v26m, Vport 06ec-2v26m Firmware, Vport 06ec-2v36m-ct and 29 more 2024-11-21 7.5 High
Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a NULL pointer dereference via a crafted lldp packet.
CVE-2021-25839 1 Minthcm 1 Minthcm 2024-11-21 9.8 Critical
A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing.
CVE-2021-25838 1 Minthcm 1 Minthcm 2024-11-21 6.1 Medium
The Import function in MintHCM RELEASE 3.0.8 allows an attacker to execute a cross-site scripting (XSS) payload in file-upload.