
Search Results

There are 206,541 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2021-36503

SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file.

Published: February 03, 2023; 1:15:10 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-36493

Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via a crafted command.

Published: February 03, 2023; 1:15:10 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-36489

Buffer Overflow vulnerability in Allegro through 5.2.6 allows attackers to cause a denial of service via crafted PCX/TGA/BMP files to allegro_image addon.

Published: February 03, 2023; 1:15:10 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-36484

SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via the add or edit article page.

Published: February 03, 2023; 1:15:10 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-36444

Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws in one-time token generation on the add administrator page.

Published: February 03, 2023; 1:15:09 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-36443

Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification.

Published: February 03, 2023; 1:15:09 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-36434

SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_json_check function in jocms/apps/mask/inc/getmask.php.

Published: February 03, 2023; 1:15:09 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-36433

SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_delete_mask function in jocms/apps/mask/mask.php.

Published: February 03, 2023; 1:15:09 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-36432

SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_set_mask() function in jocms/apps/mask/mask.php.

Published: February 03, 2023; 1:15:09 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-36431

SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_json_check() function in jocms/apps/mask/inc/mask.php.

Published: February 03, 2023; 1:15:09 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-36426

File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inc_lib/general.inc.php.

Published: February 03, 2023; 1:15:09 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-36425

Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file.

Published: February 03, 2023; 1:15:09 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-36424

An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation.

Published: February 03, 2023; 1:15:09 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2023-22975

jfinal_cms 5.1.0 is vulnerable to Cross Site Scripting (XSS).

Published: February 03, 2023; 12:15:09 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2023-24157

A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

Published: February 03, 2023; 11:15:15 AM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2023-24156

A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

Published: February 03, 2023; 11:15:14 AM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2023-24155

TOTOLINK T8 V4.1.5cu was discovered to contain a hard-coded password for the telnet service, which is stored in the component /web_cste/cgi-bin/product.ini.

Published: February 03, 2023; 11:15:14 AM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2023-24154

TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW.

Published: February 03, 2023; 11:15:14 AM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2023-24153

A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

Published: February 03, 2023; 11:15:14 AM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2023-24152

A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

Published: February 03, 2023; 11:15:14 AM -0500
V3.x:(not available)
V2.0:(not available)