Search Results

There are 158,082 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2021-33339

Cross-site scripting (XSS) vulnerability in the Fragment module in Liferay Portal 7.2.1 through 7.3.4, and Liferay DXP 7.2 before fix pack 9 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_site_admin_web_portlet_SiteAdminPortlet_name parameter.

Published: August 04, 2021; 9:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-33336

Cross-site scripting (XSS) vulnerability in the Journal module's add article menu in Liferay Portal 7.3.0 through 7.3.3, and Liferay DXP 7.1 fix pack 18, and 7.2 fix pack 5 through 7, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_journal_web_portlet_JournalPortlet_name parameter.

Published: August 04, 2021; 9:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-36483

DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure deserialization.

Published: August 04, 2021; 7:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-35397

A path traversal vulnerability in the static router for Drogon from 1.0.0-beta14 to 1.6.0 could allow an unauthenticated, remote attacker to arbitrarily read files. The vulnerability is due to a lack of proper input validation for the requested path. An attacker could exploit this vulnerability by sending a crafted HTTP request with a specific path to read. Successful exploitation could allow the attacker to read files that should be restricted.

Published: August 04, 2021; 7:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-37232

A stack overflow vulnerability occurs in Atomicparsley 20210124.204813.840499f through APar_read64() in src/util.cpp due to the lack of buffer size of uint32_buffer while reading more bytes in APar_read64.

Published: August 04, 2021; 6:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-37231

A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499f through APar_readX() in src/util.cpp while parsing a crafted mp4 file because of the missing boundary check.

Published: August 04, 2021; 6:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-32813

Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation; however, the Traefik team has addressed this issue to prevent any potential abuse. If one has a chain of Traefik middlewares, and one of them sets a request header, then sending a request with a certain Connection header will cause it to be removed before the request is sent. In this case, the backend does not see the request header. A patch is available in version 2.4.13. There are no known workarounds aside from upgrading.

Published: August 03, 2021; 7:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-38084

An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session.

Published: August 03, 2021; 6:15:09 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-34273

A security flaw in the 'owned' function of a smart contract implementation for BTC2X (B2X), a tradeable Ethereum ERC20 token, allows attackers to hijack victim accounts and arbitrarily increase the digital supply of assets.

Published: August 03, 2021; 6:15:09 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-34272

A security flaw in the 'owned' function of a smart contract implementation for RobotCoin (RBTC), a tradeable Ethereum ERC20 token, allows attackers to hijack victim accounts and arbitrarily increase the digital supply of assets.

Published: August 03, 2021; 6:15:09 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-34270

An integer overflow in the mintToken function of a smart contract implementation for Doftcoin Token, an Ethereum ERC20 token, allows the owner to cause unexpected financial losses.

Published: August 03, 2021; 6:15:09 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-33403

An integer overflow in the transfer function of a smart contract implementation for Lancer Token, an Ethereum ERC20 token, allows the owner to cause unexpected financial losses between two large accounts during a transaction.

Published: August 03, 2021; 6:15:09 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-33335

Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9 allows remote authenticated users with permission to update/edit users to take over a company administrator user account by editing the company administrator user.

Published: August 03, 2021; 6:15:09 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-19305

An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges.

Published: August 03, 2021; 6:15:09 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-19304

An issue in /admin/index.php?n=system&c=filept&a=doGetFileList of Metinfo v7.0.0 allows attackers to perform a directory traversal and access sensitive information.

Published: August 03, 2021; 6:15:09 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-19303

An arbitrary file upload vulnerability in /fileupload.php of hdcms 5.7 allows attackers to execute arbitrary code via a crafted file.

Published: August 03, 2021; 6:15:09 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-19302

An arbitrary file upload vulnerability in the avatar upload function of vaeThink v1.0.1 allows attackers to open a webshell via changing uploaded file suffixes to ".php".

Published: August 03, 2021; 6:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-19301

A vulnerability in the vae_admin_rule database table of vaeThink v1.0.1 allows attackers to execute arbitrary code via a crafted payload in the condition parameter.

Published: August 03, 2021; 6:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-33334

The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permission to view all forms and form entries in a site via the forms section in site administration.

Published: August 03, 2021; 5:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-33333

The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs.

Published: August 03, 2021; 5:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)