| 194731 | 7.2 | HIGH Network | youphptube | youphptube | AVideo/YouPHPTube 10.0 and prior is affected by an insecure file write. An administrator-privileged user is able to write files to the filesystem using the flag and code variables in save.php. | CWE-94 Code Injection | CVE-2021-25877 | 2024-11-21 14:55 | 2021-11-1 |
| 194732 | 6.1 | MEDIUM Network | youphptube | youphptube | AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross-Site Scripting vulnerabilities via the u parameter which allows a remote attacker to steal administrators' session cookies or perform a… | CWE-79 Cross-site Scripting | CVE-2021-25876 | 2024-11-21 14:55 | 2021-11-1 |
| 194733 | 6.1 | MEDIUM Network | youphptube | youphptube | AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross-Site Scripting vulnerabilities via the searchPhrase parameter which allows a remote attacker to steal administrators'… | CWE-79 Cross-site Scripting | CVE-2021-25875 | 2024-11-21 14:55 | 2021-11-1 |
| 194734 | 7.5 | HIGH Network | youphptube | youphptube | AVideo/YouPHPTube 10.0 and prior is affected by a SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases informati… | CWE-89 SQL Injection | CVE-2021-25874 | 2024-11-21 14:55 | 2021-11-1 |
| 194735 | 7.1 | HIGH Network | kubernetes netapp | ingress-nginx trident | A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster. | NVD-CWE-noinfo | CVE-2021-25742 | 2024-11-21 14:55 | 2021-10-29 |
| 194736 | 5.4 | MEDIUM Network | dotnetfoundation | piranha_cms | PiranhaCMS versions 7.0.0 to 9.1.1 are vulnerable to stored XSS because the page title is improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigg… | CWE-79 Cross-site Scripting | CVE-2021-25977 | 2024-11-21 14:55 | 2021-10-25 |
| 194737 | 4.9 | MEDIUM Network | tuzitio | camaleon_cms | Camaleon CMS versions 2.1.2.0 to 2.6.0 are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fail… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2021-25972 | 2024-11-21 14:55 | 2021-10-20 |
| 194738 | 4.3 | MEDIUM Network | tuzitio | camaleon_cms | Camaleon CMS versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with low-privileged access uploads a specially … | CWE-755 Improper Handling of Exceptional Conditions | CVE-2021-25971 | 2024-11-21 14:55 | 2021-10-20 |
| 194739 | 8.8 | HIGH Network | tuzitio | camaleon_cms | Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s password. A user that was already logged in will still have access to the appli… | CWE-613 Insufficient Session Expiration | CVE-2021-25970 | 2024-11-21 14:55 | 2021-10-20 |
| 194740 | 6.1 | MEDIUM Network | tuzitio | camaleon_cms | Camaleon CMS versions 0.0.1 to 2.6.0 are vulnerable to stored XSS that allows an unauthenticated attacker to store malicious scripts in the comments section of the post. These script… | CWE-79 Cross-site Scripting | CVE-2021-25969 | 2024-11-21 14:55 | 2021-10-20 |