1611
|
7.5 |
HIGH
Network
solarwinds
|
serv-u
|
A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U…
|
CWE-22
Path Traversal
|
CVE-2021-35250
|
2024-09-17 09:15 |
2022-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1612
|
9.8 |
CRITICAL
Network
mitsubishielectric
|
cw_configurator gx_logviewer melfa-works rt_toolbox2 fr_configurator_sw3 fr_configurator2 m_commdtm-io-link melsec_wincpu_setting_utility melsoft_em_software_development_kit
|
Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, m…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-14521
|
2024-09-17 09:15 |
2022-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1613
|
9.8 |
CRITICAL
Network
artica
|
integria_ims
|
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted pas…
|
CWE-697
Incorrect Comparison
|
CVE-2021-3833
|
2024-09-17 09:15 |
2021-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1614
|
5.3 |
MEDIUM
Local
|
tubitak
|
pardus_software_center
|
A path traversal vulnerability on Pardus Software Center's "extractArchive" function could allow anyone on the same network to do a man-in-the-middle and write files on the system.
|
CWE-22
Path Traversal
|
CVE-2021-3806
|
2024-09-17 09:15 |
2021-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1615
|
6.5 |
MEDIUM
Network
|
mongodb
|
mongodb
|
A user authorized to performing a specific type of find query may trigger a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.4.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2021-20326
|
2024-09-17 09:15 |
2021-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1616
|
7.5 |
HIGH
Network
mongodb
|
mongodb
|
An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects Mo…
|
CWE-697
Incorrect Comparison
|
CVE-2019-20925
|
2024-09-17 09:15 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1617
|
6.5 |
MEDIUM
Adjacent
|
johnsoncontrols
|
bcpro metasys_system
|
In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the se…
|
CWE-388
7PK - Errors
|
CVE-2018-10624
|
2024-09-17 09:15 |
2018-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1618
|
10.0 |
CRITICAL
Network
etictelecom
|
remote_access_server_firmware
|
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide pr…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2022-3703
|
2024-09-17 08:15 |
2022-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1619
|
6.1 |
MEDIUM
Network
|
yordam
|
library_automation_system
|
University Library Automation System developed by Yordam Bilgi Teknolojileri before version 19.2 has an unauthenticated Reflected XSS vulnerability. This has been fixed in the version 19.2
|
CWE-79
Cross-site Scripting
|
CVE-2022-2266
|
2024-09-17 08:15 |
2022-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1620
|
7.8 |
HIGH
Local
|
abb
|
mint_workbench automation_builder drive_composer
|
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already e…
|
CWE-59
Link Following
|
CVE-2022-31219
|
2024-09-17 08:15 |
2022-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|