Search Results (36905 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-45102 1 Wisc 1 Htcondor 2024-11-21 8.8 High
An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. When authenticating to an HTCondor daemon using a SciToken, a user may be granted authorizations beyond what the token should allow.
CVE-2021-45041 1 Salesagility 1 Suitecrm 2024-11-21 8.8 High
SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL injection via the Tooltips action in the Project module, involving resource_id and start_date.
CVE-2021-45014 1 Taogogo 1 Taocms 2024-11-21 9.8 Critical
There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26
CVE-2021-44966 1 Phpgurukul 1 Employee Record Management System 2024-11-21 9.8 Critical
SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. An attacker can log in as an admin account of this system and can destroy, change or manipulate all sensitive information on the system.
CVE-2021-44924 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log function, which causes a Denial of Service.
CVE-2021-44915 1 Taogogo 1 Taocms 2024-11-21 7.2 High
Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.
CVE-2021-44874 1 Dalmark 1 Systeam Enterprise Resource Planning 2024-11-21 8.8 High
Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Insecure design on report build via SQL query. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. The bi report module exposes direct SQL commands via POST data in order to select data for report generation. A malicious actor can use the bi report endpoint as a direct SQL prompt under the authenticated user.
CVE-2021-44868 1 Mingsoft 1 Mcms 2024-11-21 9.8 Critical
A problem was found in ming-soft MCMS v5.1. There is a sql injection vulnerability in /ms/cms/content/list.do
CVE-2021-44866 1 Projectworlds 1 Online Movie Ticket Booking System 2024-11-21 7.5 High
An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the 'id' paramter. An attacker can append SQL queries to the input to extract sensitive information from the database.
CVE-2021-44857 1 Mediawiki 1 Mediawiki 2024-11-21 6.5 Medium
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page (that the user doesn't have edit rights for). This applies to any public wiki, or a private wiki that has at least one page set in $wgWhitelistRead.
CVE-2021-44840 1 Deltarm 1 Delta Rm 2024-11-21 2.7 Low
An issue was discovered in Delta RM 1.2. Using an privileged account, it is possible to edit, create, and delete risk labels, such as Criticality and Priority Indication labels. By using the /core/table/query endpoint, and by using a POST request and indicating the affected label with tableUid parameter and the operation with datas[query], it is possible to edit, create, and delete the following labels: Priority Indication, Quality Evaluation, Progress Margin and Priority. Furthermore, it is also possible to export Criticality labels with an unprivileged user.
CVE-2021-44835 1 Aivhub 1 Active Intelligence Visualization 2024-11-21 9.8 Critical
An issue was discovered in Active Intelligent Visualization 5. The Vdc header is used in a SQL query without being sanitized. This causes SQL injection.
CVE-2021-44718 1 Wolfssl 1 Wolfssl 2024-11-21 5.9 Medium
wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers.
CVE-2021-44655 1 Online Pre-owned\/used Car Showroom Management System Project 1 Online Pre-owned\/used Car Showroom Management System 2024-11-21 9.8 Critical
Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection authentication bypass vulnerability. Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to get admin access on the application.
CVE-2021-44653 1 Oretnom23 1 Online Magazine Management System 2024-11-21 9.8 Critical
Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to gain access as admin to the application.
CVE-2021-44647 2 Fedoraproject, Lua 2 Fedora, Lua 2024-11-21 5.5 Medium
Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.
CVE-2021-44617 1 Glpi-project 1 Glpi 2024-11-21 9.8 Critical
A SQL Injection vulnerability exits in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated.
CVE-2021-44610 1 Bloofox 1 Bloofoxcms 2024-11-21 9.8 Critical
Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2) lang_id, (3) tmpl_id, (4) mod_rewrite (5) eta_doctype. (6) meta_charset, (7) default_group, and (8) page group parameters in the settings mode in admin/index.php.
CVE-2021-44599 1 Online Enrollment Management System Project 1 Online Enrollment Management System 2024-11-21 7.5 High
The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A crafted payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve sensitive information for all users of this system.
CVE-2021-44595 1 Wondershare 1 Dr.fone 2024-11-21 8.8 High
Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges.