Search Results (Refine Search)

Search Parameters:
There are 155,688 matching records.
Displaying matches 261 through 280.
Vuln ID Summary CVSS Severity
CVE-2021-34129

LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl parameter.

Published: June 15, 2021; 4:15:14 PM -0400
V3.1: 8.1 HIGH
V2.0: 5.5 MEDIUM
CVE-2021-34128

LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname.

Published: June 15, 2021; 4:15:14 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-33887

Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootloader.

Published: June 15, 2021; 4:15:14 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-33622

Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function's Return Value.

Published: June 15, 2021; 4:15:14 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 6.8 MEDIUM
CVE-2021-32683

wire-webapp is the web version of Wire, an open-source messenger. A cross-site scripting vulnerability exists in wire-webapp prior to version 2021-06-01-production.0. If a user is instructed to open an image in a new tab (right click -> open in new tab, or copy the URL and paste it in the URL bar), an the image payload is executed on the domain hosting the app (app.wire.com). In particular, if an image contains malicious code in addition to the actual picture, this code is executed on app.wire.com. This allows the attacker to fully control the user account. The vulnerability was patched in version 2021-06-01-production.0. As a workaround, users should not try to open image URLs.

Published: June 15, 2021; 4:15:13 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-27388

SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access that could allow an unauthenticated attacker to cause a denial-of-service condition, and/or execution of limited configuration modifications and/or execution of limited control commands on the SINAMICS Medium Voltage Products, Remote Access (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions).

Published: June 15, 2021; 4:15:11 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-23395

This affects all versions of package nedb. The library could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor.prototype payload.

Published: June 15, 2021; 4:15:11 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-7864

Parameter manipulation can bypass authentication to cause file upload and execution. This will execute the remote code. This issue affects: Raonwiz DEXT5Editor versions prior to 3.5.1405747.1100.03.

Published: June 15, 2021; 4:15:11 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-5000

IBM Financial Transaction Manager 3.0.2 and 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192952.

Published: June 15, 2021; 4:15:11 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-29215

A Cross Site Scripting in SourceCodester Employee Management System 1.0 allows the user to execute alert messages via /Employee Management System/addemp.php on admin account.

Published: June 15, 2021; 4:15:11 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-29214

SQL injection vulnerability in SourceCodester Alumni Management System 1.0 allows the user to inject SQL payload to bypass the authentication via admin/login.php.

Published: June 15, 2021; 4:15:11 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-21316

A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin panel.

Published: June 15, 2021; 4:15:11 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-31502

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13673.

Published: June 15, 2021; 3:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-31501

This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13310.

Published: June 15, 2021; 3:15:10 PM -0400
V3.1: 3.3 LOW
V2.0: 4.3 MEDIUM
CVE-2021-31500

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12746.

Published: June 15, 2021; 3:15:10 PM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-31499

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12745.

Published: June 15, 2021; 3:15:10 PM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-31498

This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12744.

Published: June 15, 2021; 3:15:10 PM -0400
V3.1: 3.3 LOW
V2.0: 4.3 MEDIUM
CVE-2021-31497

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13311.

Published: June 15, 2021; 3:15:10 PM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-31496

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13308.

Published: June 15, 2021; 3:15:10 PM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-31495

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13307.

Published: June 15, 2021; 3:15:10 PM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM