|
199681
|
7.8 |
HIGH
Local
|
fujielectric
|
v-server
v-simulator
|
A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution…
|
CWE-787
Out-of-bounds Write
|
CVE-2021-22641
|
2024-11-21 14:50 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199682
|
7.8 |
HIGH
Local
|
fujielectric
|
v-server
v-simulator
|
An uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on …
|
CWE-824
Access of Uninitialized Pointer
|
CVE-2021-22639
|
2024-11-21 14:50 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199683
|
7.8 |
HIGH
Local
|
fujielectric
|
v-server
v-simulator
|
Multiple stack-based buffer overflow issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code…
|
CWE-787
Out-of-bounds Write
|
CVE-2021-22637
|
2024-11-21 14:50 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199684
|
6.1 |
MEDIUM
Network
|
revive-adserver
|
revive_adserver
|
Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been avail…
|
CWE-601
Open Redirect
|
CVE-2021-22873
|
2024-11-21 14:50 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199685
|
6.1 |
MEDIUM
Network
|
revive-adserver
|
revive_adserver
|
Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in mo…
|
CWE-79
Cross-site Scripting
|
CVE-2021-22872
|
2024-11-21 14:50 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199686
|
4.8 |
MEDIUM
Network
|
revive-adserver
|
revive_adserver
|
Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php …
|
CWE-79
Cross-site Scripting
|
CVE-2021-22871
|
2024-11-21 14:50 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199687
|
7.8 |
HIGH
Local
|
schneider-electric
|
ecostruxure_power_build_-_rapsody
|
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to…
|
-
|
CVE-2021-22698
|
2024-11-21 14:50 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199688
|
7.8 |
HIGH
Local
|
schneider-electric
|
ecostruxure_power_build_-_rapsody
|
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a use-after-free condition which…
|
-
|
CVE-2021-22697
|
2024-11-21 14:50 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199689
|
5.4 |
MEDIUM
Network
|
hyweb
|
hycms-j1
|
Hyweb HyCMS-J1 backend editing function does not filter special characters. Users after log-in can inject JavaScript syntax to perform a stored XSS (Stored Cross-site scripting) attack.
|
CWE-79
Cross-site Scripting
|
CVE-2021-22849
|
2024-11-21 14:50 |
2021-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199690
|
8.8 |
HIGH
Network
|
hyweb
|
hycms-j1
|
Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege.
|
CWE-89
SQL Injection
|
CVE-2021-22847
|
2024-11-21 14:50 |
2021-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
