87966 matches found
ROOT-OS-UBUNTU-2204-CVE-2021-26934 CVE-2021-26934 in rootio-linux - Patched by Root
Root has patched CVE-2021-26934 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
Auerswald COMpact 5500R 7.8A and 8.0B Devices Backdoor
Auerswald COMpact 5500R 7.8A and 8.0B devices contain an unauthenticated endpoint "https://192.168.1.2/aboutstate", enabling the bad actor to gain backdoor access to a web interface that allows for resetting the administrator password. id: CVE-2021-40859 info: name: Auerswald COMpact 5500R 7.8A a...
Ligeo Archives Ligeo Basics - Server Side Request Forgery
Ligeo Archives Ligeo Basics as of 0201-2022 is vulnerable to Server Side Request Forgery SSRF which allows an attacker to read any documents via the download features. id: CVE-2021-46107 info: name: Ligeo Archives Ligeo Basics - Server Side Request Forgery author: ritikchaddha severity: high...
myfactory FMS - Cross-Site Scripting
myfactory.FMS before 7.1-912 allows cross-site scripting via the Error parameter. id: CVE-2021-42566 info: name: myfactory FMS - Cross-Site Scripting author: madrobot,daffainfo severity: medium description: | myfactory.FMS before 7.1-912 allows cross-site scripting via the Error parameter. impact...
Clustering Local File Inclusion
Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. id: CVE-2021-43496 inf...
myfactory FMS - Cross-Site Scripting
myfactory.FMS before 7.1-912 allows cross-site scripting via the UID parameter. id: CVE-2021-42565 info: name: myfactory FMS - Cross-Site Scripting author: madrobot,daffainfo severity: medium description: | myfactory.FMS before 7.1-912 allows cross-site scripting via the UID parameter. impact: |...
KONGA 0.14.9 - Privilege Escalation
KONGA 0.14.9 allows attackers to set higher privilege users to full administration access. The attack vector is a crafted condition, as demonstrated by the /api/user/ID at ADMIN parameter. id: CVE-2021-42192 info: name: KONGA 0.14.9 - Privilege Escalation author: rschio severity: high description...
Apache Superset <=1.3.2 - Default Login
Apache Superset through 1.3.2 contains a default login vulnerability via registered database connections for authenticated users. An attacker can obtain access to user accounts and thereby obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-44451 info:...
AppCMS - Cross-Site Scripting
AppCMS 2.0.101 has a cross-site scripting vulnerability in \templates\m\inchead.php. id: CVE-2021-45380 info: name: AppCMS - Cross-Site Scripting author: pikpikcu severity: medium description: AppCMS 2.0.101 has a cross-site scripting vulnerability in \templates\m\inchead.php. impact: | Successfu...
D-Link DAP-1620 - Local File Inclusion
D-Link DAP-1620 is susceptible to local file Inclusion due to path traversal that can lead to unauthorized internal files reading /etc/passwd and /etc/shadow. id: CVE-2021-46381 info: name: D-Link DAP-1620 - Local File Inclusion author: 0xAkoko severity: high description: D-Link DAP-1620 is...
Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete
Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request. id: CVE-2021-46424 info: name: Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete author: gy741 severity:...
ehicle Service Management System 1.0 - Cross-Site Scripting
Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Category List section in login panel. id: CVE-2021-46071 info: name: ehicle Service Management System 1.0 - Cross-Site Scripting author: TenBird severity: medium description: | Vehicle Service...
ECOA Building Automation System - Arbitrary File Retrieval
The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information. id: CVE-2021-41293 info: name: ECOA Building Automation...
FlatPress 1.2.1 - Stored Cross-Site Scripting
FlatPress 1.2.1 contains a stored cross-site scripting vulnerability that allows for arbitrary execution of JavaScript commands through blog content. An attacker can possibly steal cookie-based authentication credentials and launch other attacks. id: CVE-2021-41432 info: name: FlatPress 1.2.1 -...
MKdocs 1.2.2 - Directory Traversal
The MKdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. Note the vendor has disputed the vulnerability see references because the dev server must be used in an unsafe way namely public to have this...
MinIO Operator Console Authentication Bypass
MinIO Console is a graphical user interface for the for MinIO Operator. MinIO itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. id: CVE-2021-41266 info: name: MinIO Operator...
NetBiblio WebOPAC - Cross-Site Scripting
NetBiblio WebOPAC before 4.0.0.320 is affected by a reflected cross-site scripting vulnerability in its Wikipedia module through /NetBiblio/search/shortview via the searchTerm parameter. id: CVE-2021-42551 info: name: NetBiblio WebOPAC - Cross-Site Scripting author: compr00t severity: medium...
SAS/Internet 9.4 1520 - Local File Inclusion
SAS/Internet 9.4 build 1520 and earlier allows local file inclusion. The samples library included by default in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro...
SAP Knowledge Warehouse <=7.5.0 - Cross-Site Scripting
SAP Knowledge Warehouse 7.30, 7.31, 7.40, and 7.50 contain a reflected cross-site scripting vulnerability via the usage of one SAP KW component within a web browser. id: CVE-2021-42063 info: name: SAP Knowledge Warehouse =7.5.1 to mitigate the XSS vulnerability. reference: -...
Thinfinity Iframe Injection
A vulnerability exists in Thinfinity VirtualUI in a function located in /lab.html reachable which by default could allow IFRAME injection via the "vpath" parameter. id: CVE-2021-45092 info: name: Thinfinity Iframe Injection author: danielmofer severity: critical description: A vulnerability exist...