Search Results

There are 155,605 matching records.
Displaying matches 21 through 40.

Vuln ID / Summary / CVSS Severity
CVE-2021-3604

Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database.

Published: June 18, 2021; 11:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-18442

Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".

Published: June 18, 2021; 11:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-32956

Advantech WebAccess/SCADA versions 9.0.1 and prior are vulnerable to an open redirect, which may allow an attacker to send a maliciously crafted URL that redirects a user to a malicious web page.

Published: June 18, 2021; 10:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-32954

Advantech WebAccess/SCADA versions 9.0.1 and prior are vulnerable to directory traversal, which may allow an attacker to remotely read arbitrary files on the file system.

Published: June 18, 2021; 10:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-23846

When the HTTP protocol is used, the user password is transmitted as a clear-text parameter, which an attacker could obtain through a MITM attack. This will be fixed starting from firmware version 3.11.5, to be released on the 30th of June, 2021.

Published: June 18, 2021; 10:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-23845

This vulnerability could allow an attacker to hijack a session while a user is logged in to the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN and B426-M; it has already been fixed starting from version 3.08, which was released in June 2019.

Published: June 18, 2021; 10:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-21997

VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest operating system, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest operating system.

Published: June 18, 2021; 9:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-34815

CheckSec Canopy before 3.5.2 allows XSS attacks against the login page via the LOGIN_PAGE_DISCLAIMER parameter.

Published: June 18, 2021; 8:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-26835

No filtering of cross-site scripting (XSS) payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code execution via a crafted file.

Published: June 18, 2021; 8:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-26834

A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An attacker can insert payloads, and the code execution will happen immediately on markdown view mode.

Published: June 18, 2021; 8:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-33577

An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves (via encryption and signing of the message) can be bypassed by changing the Content-Type of the message to text/plain.

Published: June 18, 2021; 7:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-33576

An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk.

Published: June 18, 2021; 7:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-33347

An issue was discovered in JPress v3.3.0 and below. There are XSS vulnerabilities in the template module and the tag management module. If an attacker logs in to the admin backend by means of a weak password, the stored XSS vulnerability can be triggered.

Published: June 18, 2021; 7:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-32536

The login page in the MCUsystem does not filter special characters, which allows remote attackers to inject JavaScript without privileges and thus perform reflected XSS attacks.

Published: June 18, 2021; 6:15:09 AM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2021-21669

Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Published: June 18, 2021; 6:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-34812

Use of hard-coded credentials vulnerability in the PHP component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors.

Published: June 17, 2021; 11:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-34811

Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors.

Published: June 17, 2021; 11:15:06 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-34810

Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.

Published: June 17, 2021; 11:15:06 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-34809

Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.

Published: June 17, 2021; 11:15:06 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-34808

Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors.

Published: June 17, 2021; 11:15:06 PM -0400
V3.x:(not available)
V2.0:(not available)