Search Results
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-36503 | SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file. Published: February 03, 2023; 1:15:10 PM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2021-36493 | Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command. Published: February 03, 2023; 1:15:10 PM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2021-36489 | Buffer Overflow vulnerability in Allegro through 5.2.6 allows attackers to cause a denial of service via crafted PCX/TGA/BMP files to allegro_image addon. Published: February 03, 2023; 1:15:10 PM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2021-36484 | SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page. Published: February 03, 2023; 1:15:10 PM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2021-36444 | Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws in one-time token generation on the add administrator page. Published: February 03, 2023; 1:15:09 PM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2021-36443 | Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification. Published: February 03, 2023; 1:15:09 PM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2021-36434 | SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_json_check function in jocms/apps/mask/inc/getmask.php. Published: February 03, 2023; 1:15:09 PM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2021-36433 | SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_delete_mask function in jocms/apps/mask/mask.php. Published: February 03, 2023; 1:15:09 PM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2021-36432 | SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_set_mask() function in jocms/apps/mask/mask.php. Published: February 03, 2023; 1:15:09 PM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2021-36431 | SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_json_check() function in jocms/apps/mask/inc/mask.php. Published: February 03, 2023; 1:15:09 PM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2021-36426 | File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inc_lib/general.inc.php. Published: February 03, 2023; 1:15:09 PM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2021-36425 | Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file. Published: February 03, 2023; 1:15:09 PM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2021-36424 | An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation. Published: February 03, 2023; 1:15:09 PM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2023-22975 | jfinal_cms 5.1.0 is vulnerable to Cross Site Scripting (XSS). Published: February 03, 2023; 12:15:09 PM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2023-24157 | A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. Published: February 03, 2023; 11:15:15 AM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2023-24156 | A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. Published: February 03, 2023; 11:15:14 AM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2023-24155 | TOTOLINK T8 V4.1.5cu was discovered to contain a hard-coded password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini. Published: February 03, 2023; 11:15:14 AM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2023-24154 | TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW. Published: February 03, 2023; 11:15:14 AM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2023-24153 | A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. Published: February 03, 2023; 11:15:14 AM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2023-24152 | A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. Published: February 03, 2023; 11:15:14 AM -0500 | V3.x:(not available) V2.0:(not available) |