D-Link DIR850 ET850-1.08TRb03 - Open Redirect

DLink DIR850 ET850-1.08TRb03 contains incorrect access control vulnerability in URL redirection, which can be used to mislead users to go to untrusted sites. id: CVE-2021-46379 info: name: D-Link DIR850 ET850-1.08TRb03 - Open Redirect author: 0xAkoko severity: medium description: DLink DIR850...

Apache Superset <=1.3.2 - Default Login

Apache Superset through 1.3.2 contains a default login vulnerability via registered database connections for authenticated users. An attacker can obtain access to user accounts and thereby obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-44451 info:...

Grafana Unauthenticated Snapshot Creation

Grafana 6.7.3 through 7.4.1 snapshot functionality can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set. id: CVE-2021-27358 info: name: Grafana Unauthenticated Snapshot Creation author: pdteam,bing0o severity: hi...

JustWriting - Cross-Site Scripting

A cross-site scripting vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter. id: CVE-2021-41467 info: name: JustWriting - Cross-Site Scripting author: madrobot severity: medium...

Doctor Appointment System 1.0 - SQL Injection

SQL injection in the expertise parameter in searchresult.php in Doctor Appointment System v1.0. id: CVE-2021-27124 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: medium description: | SQL injection in the expertise parameter in searchresult.php in Doctor...

WordPress Easy Social Icons Plugin < 3.0.9 - Cross-Site Scripting

The Easy Social Icons plugin = 3.0.8 for WordPress echoes out the raw value of $SERVER'PHPSELF' in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected cross-site scripting attack by injecting malicious code in the request path...

Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection

Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php. This in turn can lead to...

Telesquare TLR-2855KS6 - Arbitrary File Deletion

An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts. id: CVE-2021-46419 info: name: Telesquare TLR-2855KS6 - Arbitrary File Deletion author: DhiyaneshDK severity: critical description: | An unauthorized file deleti...

Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection

Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php. This in turn can lead ...

Wipro Holmes Orchestrator 20.4.1 - Information Disclosure

Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/DomainCredentialReportExcel,...

Nagios XI < 5.8.6 - Cross-Site Scripting

In Nagios XI before 5.8.6, XSS exists in the dashboard page /dashboards/ when administrative users attempt to edit a dashboard. id: CVE-2021-38156 info: name: Nagios XI 5.8.6 - Cross-Site Scripting author: ritikchaddha severity: medium description: | In Nagios XI before 5.8.6, XSS exists in the...

Cisco HyperFlex HX Data Platform - Arbitrary File Upload

Cisco HyperFlex HX Data Platform contains an arbitrary file upload vulnerability in the web-based management interface. An attacker can send a specific HTTP request to an affected device, thus enabling upload of files to the affected device with the permissions of the tomcat8 user. id:...

Rosario Student Information System Unauthenticated SQL Injection

An unauthenticated SQL injection vulnerability in Rosario Student Information System aka rosariosis 8.1 and below allow remote attackers to execute PostgreSQL statements e.g., SELECT, INSERT, UPDATE, and DELETE through /Side.php via the syear parameter. id: CVE-2021-44427 info: name: Rosario...

Jeecg Boot <= 2.4.5 - Sensitive Information Disclosure

Jeecg Boot = 2.4.5 API interface has unauthorized access and leaks sensitive information such as email,phone and Enumerate usernames that exist in the system. id: CVE-2021-37305 info: name: Jeecg Boot = 2.4.5 - Sensitive Information Disclosure author: ritikchaddha severity: high description: |...

PuneethReddyHC Online Shopping System homeaction.php SQL Injection

An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping System through the /homeaction.php catid parameter. Using a post request does not sanitize the user input. id: CVE-2021-41649 info: name: PuneethReddyHC Online Shopping System homeaction.php SQL Injection...

WordPress MF Gig Calendar <=1.1 - Cross-Site Scripting

WordPress MF Gig Calendar plugin 1.1 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize or escape the id GET parameter before outputting back in the admin dashboard when editing an event. id: CVE-2021-24510 info: name: WordPress MF Gig Calendar =1.2 which...

OpenEMR 4.1 - Local File Inclusion

Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. dot dot in the formname parameter to 1 contrib/acog/printform.php; or 2 loadform.php, 3 viewform.php, or 4 trendform.php in interface/patientfile/encounter. id:...

SquirrelMail 1.4.x - Folder Name Cross-Site Scripting

Multiple cross-site scripting XSS vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. id: CVE-2004-0519 info: name: SquirrelMail 1.4.x -...

Virtua Software Cobranca <12R - Blind SQL Injection

Virtua Cobranca before 12R allows blind SQL injection on the login page. id: CVE-2021-37589 info: name: Virtua Software Cobranca 12R - Blind SQL Injection author: princechaddha severity: high description: | Virtua Cobranca before 12R allows blind SQL injection on the login page. impact: |...

Sourcecodester Simple Client Management System 1.0 - SQL Injection

Sourcecodester Simple Client Management System 1.0 contains a SQL injection vulnerability via the username field in login.php. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id:...

Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS

Multiple cross-site scripting XSS vulnerabilities in Open Bulletin Board OpenBB 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 redirect parameter to member.php, 2 to parameter to myhome.php 3 TID parameter to post.php, or 4 redirect parameter to...

Cisco IOS HTTP Configuration - Authentication Bypass

HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL. id: CVE-2001-0537 info: name: Cisco IOS HTTP Configuration - Authentication Bypass author:...

NetBiblio WebOPAC - Cross-Site Scripting

NetBiblio WebOPAC before 4.0.0.320 is affected by a reflected cross-site scripting vulnerability in its Wikipedia module through /NetBiblio/search/shortview via the searchTerm parameter. id: CVE-2021-42551 info: name: NetBiblio WebOPAC - Cross-Site Scripting author: compr00t severity: medium...

WordPress Qubely < 1.8.6 - Unauthenticated Email Sending

Qubely WordPress plugin 1.8.6 contains an insecure deserialization caused by unauthenticated users being able to send arbitrary emails via the qubelysendformdata AJAX action, letting attackers send spam or malicious emails, exploit requires no authentication. id: CVE-2021-24916 info: name:...

FUDForum 3.1.0 - Cross-Site Scripting

FUDForum 3.1.0 contains a cross-site scripting vulnerability which allows remote attackers to inject JavaScript via index.php in the "srch" parameter. id: CVE-2021-27519 info: name: FUDForum 3.1.0 - Cross-Site Scripting author: kh4sh3i severity: medium description: | FUDForum 3.1.0 contains a...

RaspAP <=2.6.5 - Remote Command Injection

RaspAP 2.6 to 2.6.5 allows unauthenticated attackers to execute arbitrary OS commands via the "iface" GET parameter in /ajax/networking/getnetcfg.php, when the "iface" parameter value contains special characters such as ";". id: CVE-2021-33357 info: name: RaspAP =2.6.5 - Remote Command Injection...

RegistrationMagic <= 5.0.1.7 - Authentication Bypass

RegistrationMagic WordPress plugin versions = 5.0.1.7 contain an authentication bypass caused by missing identity validation in socialloginusingemail, letting unauthenticated users log in as any site user, exploit requires knowing a valid username. id: CVE-2021-4073 info: name: RegistrationMagic ...

IRTS OP5 Monitor - Cross-Site Scripting

OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting XSS. id: CVE-2021-40272 info: name: IRTS OP5 Monitor - Cross-Site Scripting author: ritikchaddha severity: medium description: | OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting XSS. impac...

Netgear RAX43 1.0.3.96 - Command Injection/Authentication Bypass Buffer Overrun

Netgear RAX43 version 1.0.3.96 contains a command injection and authentication bypass vulnerability. The readycloudcontrol.cgi CGI application is vulnerable to command injection in the name parameter. Additionally, the URL parsing functionality in the cgi-bin endpoint of the router containers a...

Spotweb <= 1.5.1 - Cross Site Scripting

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter. id: CVE-2021-40972 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat severity: medi...

Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting

ZyXEL ZyWALL 2 Plus Internet Security Appliance contains a cross-site scripting vulnerability. Insecure URI handling leads to bypass of security restrictions, which allows an attacker to execute arbitrary JavaScript codes to perform multiple attacks. id: CVE-2021-46387 info: name: Zyxel ZyWALL 2...

ImpressCMS < 1.4.3 - SQL Injection

ImpressCMS before 1.4.3 is vulnerable to SQL injection via the groups parameter in include/findusers.php, allowing unauthenticated attackers to execute arbitrary SQL queries. id: CVE-2021-26599 info: name: ImpressCMS 1.4.3 - SQL Injection author: ritikchaddha severity: high description: |...

elFinder < 2.1.58 - Remote Code Execution

studio-42/elfinder before 2.1.58 contains a remote code execution caused by execution of PHP code in a .phar file, letting attackers execute arbitrary PHP code if the server parses .phar files as PHP, exploit requires server to parse .phar files as PHP. id: CVE-2021-23394 info: name: elFinder...

Eclipse BIRT Viewer - Remote Code Execution

Eclipse BIRT versions 4.8.0 and earlier contain a JSP injection caused by query parameters, letting remote attackers create and access malicious JSP files in the viewer directory, exploit requires sending crafted query parameters. id: CVE-2021-34427 info: name: Eclipse BIRT Viewer - Remote Code...

FatPipe WARP/IPVPN/MPVPN - Authorization Bypass

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 contain a missing authorization caused by lack of access control in the web management interface, letting remote attackers access sensitive URLs, exploit requires no authentication. id: CVE-2021-27858 info: name:...

Draytek VigorConnect 6.0-B3 - Local File Inclusion

Draytek VigorConnect 1.6.0-B3 is susceptible to local file inclusion in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. id: CVE-2021-201...

XStream 1.4.18 - Arbitrary Code Execution

XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

ECShop 4.1.0 - SQL Injection

ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information. id: CVE-2021-41460 info: name: ECShop 4.1.0 - SQL Injection author: SleepingBag945 severity: high description: | ECShop 4.1.0 has SQL injection vulnerability, which can be exploited ...

VoipMonitor <24.61 - Remote Code Execution

VoipMonitor prior to 24.61 is susceptible to remote code execution vulnerabilities because of its use of user supplied data via its web interface, allowing remote unauthenticated users to trigger a remote PHP code execution vulnerability. id: CVE-2021-30461 info: name: VoipMonitor 24.61 - Remote...

Node RED Dashboard <2.26.2 - Local File Inclusion

NodeRED-Dashboard before 2.26.2 is vulnerable to local file inclusion because it allows uibase/js/..%2f directory traversal to read files. id: CVE-2021-3223 info: name: Node RED Dashboard 2.26.2 - Local File Inclusion author: gy741,pikpikcu severity: high description: NodeRED-Dashboard before...

WordPress Supsystic Contact Form <1.7.15 - Cross-Site Scripting

WordPress Supsystic Contact Form plugin before 1.7.15 contains a cross-site scripting vulnerability. It does not sanitize the tab parameter of its options page before outputting it in an attribute. id: CVE-2021-24276 info: name: WordPress Supsystic Contact Form 1.7.15 - Cross-Site Scripting autho...

SysAid Technologies 20.3.64 b14 - Cross-Site Scripting

SysAid 20.3.64 b14 contains a cross-site scripting vulnerability via the /KeepAlive.jsp?stamp= URI. id: CVE-2021-30049 info: name: SysAid Technologies 20.3.64 b14 - Cross-Site Scripting author: daffainfo severity: medium description: SysAid 20.3.64 b14 contains a cross-site scripting vulnerabilit...

Redash Setup Configuration - Default Secrets Disclosure

Redash Setup Configuration is vulnerable to default secrets disclosure Insecure Default Initialization of Resource. If an admin sets up Redash versions =10.0 and prior without explicitly specifying the REDASHCOOKIESECRET or REDASHSECRETKEY environment variables, a default value is used for both...

Grafana Snapshot - Authentication Bypass

Grafana instances up to 7.5.11 and 8.1.5 allow remote unauthenticated users to view the snapshot associated with the lowest database key by accessing the literal paths /api/snapshot/:key or /dashboard/snapshot/:key. If the snapshot is in public mode, unauthenticated users can delete snapshots by...

Transposh WordPress Translation <= 1.0.8 - Unauthenticated Settings Change

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tptranslation' AJAX action and default settings which makes it possib...

Rukovoditel <= 3.2.1 - Cross Site Scripting

A stored cross-site scripting XSS vulnerability in the Users Alerts feature /index.php?module=usersalerts/usersalerts of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add". id:...

WordPress Accessibility Helper <0.6.0.7 - Cross-Site Scripting

WordPress Accessibility Helper plugin before 0.6.0.7 contains a cross-site scripting vulnerability. It does not sanitize and escape the wahi parameter before outputting back its base64 decode value in the page. id: CVE-2022-0150 info: name: WordPress Accessibility Helper 0.6.0.7 - Cross-Site...

WordPress Simply Schedule Appointments <1.5.7.7 - Information Disclosure

WordPress Simply Schedule Appointments plugin before 1.5.7.7 is susceptible to information disclosure. The plugin is missing authorization in a REST endpoint, which can allow an attacker to retrieve user details such as name and email address. id: CVE-2022-2373 info: name: WordPress Simply Schedu...

Parallels H-Sphere 3.6.1713 - Cross-Site Scripting

Parallels H-Sphere 3.6.1713 contains a cross-site scripting vulnerability via the indexen.php 'from' parameter. id: CVE-2022-30777 info: name: Parallels H-Sphere 3.6.1713 - Cross-Site Scripting author: 3th1cyuk1 severity: medium description: | Parallels H-Sphere 3.6.1713 contains a cross-site...

WordPress Embed Swagger <=1.0.0 - Cross-Site Scripting

WordPress Embed Swagger plugin 1.0.0 and prior contains a reflected cross-site scripting vulnerability due to insufficient escaping/sanitization and validation via the url parameter found in the /swagger-iframe.php file, which allows attackers to inject arbitrary web scripts onto the page. id:...