Hírolvasó

NVD: all CVE · 2023. február 3.

CVE-2021-37376

** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Bond, Bond 2 and Bond Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.
NVD: all CVE · 2023. február 3.

CVE-2021-36545

Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in Site Configuration page.
NVD: all CVE · 2023. február 3.

CVE-2021-36546

Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL.
NVD: all CVE · 2023. február 3.

CVE-2021-36569

Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2.
NVD: all CVE · 2023. február 3.

CVE-2021-36570

Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---.
NVD: all CVE · 2023. február 3.

CVE-2021-36712

Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via image clipping function.
NVD: all CVE · 2023. február 3.

CVE-2021-37234

Incorrect Access Control vulnerability in Modern Honey Network commit 0abf0db9cd893c6d5c727d036e1f817c02de4c7b allows remote attackers to view sensitive information via crafted PUT request to Web API.
NVD: all CVE · 2023. február 3.

CVE-2021-37304

An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface.
NVD: all CVE · 2023. február 3.

CVE-2021-37305

An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin.
NVD: all CVE · 2023. február 3.

CVE-2021-37306

An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: api uri:/sys/user/checkOnlyUser?username=admin.
NVD: all CVE · 2023. február 3.

CVE-2021-36484

SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page.
NVD: all CVE · 2023. február 3.

CVE-2021-36489

Buffer Overflow vulnerability in Allegro through 5.2.6 allows attackers to cause a denial of service via crafted PCX/TGA/BMP files to allegro_image addon.
NVD: all CVE · 2023. február 3.

CVE-2021-36493

Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command.
NVD: all CVE · 2023. február 3.

CVE-2021-36503

SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file.
NVD: all CVE · 2023. február 3.

CVE-2021-36532

Race condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to localhost/admin/uploads.php.
NVD: all CVE · 2023. február 3.

CVE-2021-36535

Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf.
NVD: all CVE · 2023. február 3.

CVE-2021-36538

Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports.
NVD: all CVE · 2023. február 3.

CVE-2021-36544

Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL.
NVD: all CVE · 2023. február 3.

CVE-2021-36424

An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation.
NVD: all CVE · 2023. február 3.

CVE-2021-36425

Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file.