Search Results (363401 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-29414 1 St 95 Stm32cubel4 Firmware, Stm32l412c8, Stm32l412cb and 92 more 2024-11-21 6.1 Medium
STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect physical access control.
CVE-2021-29400 1 Netexplorer 1 My Smtp Contact 2024-11-21 6.5 Medium
A cross-site request forgery (CSRF) vulnerability in the My SMTP Contact v1.1.1 plugin for GetSimple CMS allows remote attackers to change the SMTP settings of the contact forms for the webpages of the CMS after an authenticated admin visits a malicious third-party site.
CVE-2021-29399 2 Php, Xmbforum2 2 Php, Xmb 2024-11-21 6.1 Medium
XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 or 1.9.11.16.
CVE-2021-29398 1 Globalnorthstar 1 Northstar Club Management 2024-11-21 5.3 Medium
Directory traversal in /northstar/Common/NorthFileManager/fileManagerObjects.jsp Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to browse and list the directories across the entire filesystem of the host of the web application.
CVE-2021-29397 1 Globalnorthstar 1 Northstar Club Management 2024-11-21 7.5 High
Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote local user to intercept users credentials transmitted in cleartext over HTTP.
CVE-2021-29396 1 Globalnorthstar 1 Northstar Club Management 2024-11-21 9.8 Critical
Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to use various functionalities without authentication.
CVE-2021-29395 1 Globalnorthstar 1 Northstar Club Management 2024-11-21 7.5 High
Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application.
CVE-2021-29394 1 Globalnorthstar 1 Northstar Club Management 2024-11-21 6.5 Medium
Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user accounts via lack of proper authorization in the user-controlled "userID" parameter of the HTTP POST request.
CVE-2021-29393 1 Globalnorthstar 1 Northstar Club Management 2024-11-21 9.8 Critical
Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled "command" and "commandvalues" parameters.
CVE-2021-29390 3 Fedoraproject, Libjpeg-turbo, Redhat 3 Fedora, Libjpeg-turbo, Enterprise Linux 2024-11-21 7.1 High
libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.
CVE-2021-29388 1 Budget Management System Project 1 Budget Management System 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in SourceCodester Budget Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php via vulnerable field 'Budget Title'.
CVE-2021-29387 1 Equipment Inventory System Project 1 Equipment Inventory System 2024-11-21 5.4 Medium
Multiple stored cross-site scripting (XSS) vulnerabilities in Sourcecodester Equipment Inventory System 1.0 allow remote attackers to inject arbitrary javascript via any "Add" sections, such as Add Item , Employee and Position or others in the Name Parameters.
CVE-2021-29379 1 Dlink 2 Dir-802, Dir-802 Firmware 2024-11-21 8.8 High
An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-29378 1 Pearadmin 1 Pear Admin Think 2024-11-21 8.8 High
SQL Injection in pear-admin-think version 2.1.2, allows attackers to execute arbitrary code and escalate privileges via crafted GET request to Crud.php.
CVE-2021-29377 1 Pearadmin 1 Pearadmin Think 2024-11-21 9.8 Critical
Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely. A .php file can be uploaded via admin.php/index/upload because app/common/service/UploadService.php mishandles fileExt.
CVE-2021-29376 2 Debian, Eterna 2 Debian Linux, Ircii 2024-11-21 7.5 High
ircII before 20210314 allows remote attackers to cause a denial of service (segmentation fault and client crash, disconnecting the victim from an IRC server) via a crafted CTCP UTC message.
CVE-2021-29370 1 Cheetah Browser Project 1 Cheetah Browser 2024-11-21 6.1 Medium
A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website.
CVE-2021-29369 1 Gnuplot Project 1 Gnuplot 2024-11-21 9.8 Critical
The gnuplot package prior to version 0.1.0 for Node.js allows code execution via shell metacharacters in Gnuplot commands.
CVE-2021-29367 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted WPG file.
CVE-2021-29366 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.