Search Results (364725 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-35323 1 Bludit 1 Bludit 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login.
CVE-2021-35312 1 Gestionaleamica 1 Amica Prodigy 2024-11-21 7.8 High
A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable "RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it with a malicious file that will be executed with "LocalSystem" privileges.
CVE-2021-35309 1 Samsung 1 Syncthru Web Service 2024-11-21 7.5 High
An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks.
CVE-2021-35307 1 Axiosys 1 Bento4 2024-11-21 6.5 Medium
An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer dereference exists in the AP4_DescriptorFinder::Test component located in /Core/Ap4Descriptor.h. It allows an attacker to cause a denial of service (DOS).
CVE-2021-35306 1 Axiosys 1 Bento4 2024-11-21 6.5 Medium
An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer dereference exists in the function AP4_StszAtom::WriteFields located in Ap4StszAtom.cpp. It allows an attacker to cause a denial of service (DOS).
CVE-2021-35303 1 Zammad 1 Zammad 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via the User Avatar attribute.
CVE-2021-35302 1 Zammad 1 Zammad 2024-11-21 5.3 Medium
Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information.
CVE-2021-35301 1 Zammad 1 Zammad 2024-11-21 5.3 Medium
Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information via the Ticket Article detail view.
CVE-2021-35300 1 Zammad 1 Zammad 2024-11-21 4.3 Medium
Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0.0 could allow remote attackers to manipulate users into visiting the attackers' page.
CVE-2021-35299 1 Zammad 1 Zammad 2024-11-21 7.5 High
Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing.
CVE-2021-35298 1 Zammad 1 Zammad 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store additional information.
CVE-2021-35297 1 Scalabium 1 Dbase Viewer 2024-11-21 7.8 High
Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remote code execution via a crafted DBF file that triggers a buffer overflow. An attacker can use the Structured Exception Handler (SEH) records and redirect execution to attacker-controlled code.
CVE-2021-35296 1 Ptcl 2 Hg150-ub, Hg150-ub Firmware 2024-11-21 9.8 Critical
An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass authentication via modification of the cookie value and Response Path.
CVE-2021-35283 1 Atoms183 Cms Project 1 Atoms183 Cms 2024-11-21 9.8 Critical
SQL Injection vulnerability in product_admin.php in atoms183 CMS 1.0, allows attackers to execute arbitrary commands via the Name, Fname, and ID parameters to search.php.
CVE-2021-35265 1 Maxsite 1 Maxsite Cms 2024-11-21 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page.
CVE-2021-35254 1 Solarwinds 1 Webhelpdesk 2024-11-21 8.2 High
SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future.
CVE-2021-35251 1 Solarwinds 1 Web Help Desk 2024-11-21 5.3 Medium
Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation.
CVE-2021-35250 1 Solarwinds 1 Serv-u 2024-11-21 7.5 High
A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.
CVE-2021-35249 1 Solarwinds 1 Serv-u 2024-11-21 4.3 Medium
This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a data leak to unauthorized users for a domain, with no log of them accessing the data unless they attempt to modify it. This read-only activity is logged to the original domain and does not specify which domain was accessed.
CVE-2021-35248 2 Microsoft, Solarwinds 2 Windows, Orion Platform 2024-11-21 6.8 Medium
It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.