| 195561 | 8.8 | HIGH Network | hongdian | h8922_firmware | Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest… | CWE-78 OS Command | CVE-2021-28151 | 2024-11-21 14:59 | 2021-05-7 |
| 195562 | 5.5 | MEDIUM Local | hongdian | h8922_firmware | Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi. | CWE-425 Direct Request ('Forced Browsing') | CVE-2021-28150 | 2024-11-21 14:59 | 2021-05-7 |
| 195563 | 6.5 | MEDIUM Network | hongdian | h8922_firmware | Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file… | CWE-22 Path Traversal | CVE-2021-28149 | 2024-11-21 14:59 | 2021-05-7 |
| 195564 | 8.1 | HIGH Network | strapi | strapi | In Strapi through 3.6.0, the admin panel allows the changing of one's own password without entering the current password. An attacker who gains access to a valid session can use this to take over an … | CWE-640 Weak Password Recovery Mechanism for Forgotten Password | CVE-2021-28128 | 2024-11-21 14:59 | 2021-05-6 |
| 195565 | 6.1 | MEDIUM Network | apache | airflow | The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and… | CWE-79 Cross-site Scripting | CVE-2021-28359 | 2024-11-21 14:59 | 2021-05-2 |
| 195566 | 6.1 | MEDIUM Network | php-fusion | phpfusion | CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML | CWE-352 CWE-79 Origin Validation Error Cross-site Scripting | CVE-2021-28280 | 2024-11-21 14:59 | 2021-04-30 |
| 195567 | 8.8 | HIGH Network | soyal | 701client | Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions via client.exe binary with Authenticated Users group with Full permissions. | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2021-28269 | 2024-11-21 14:59 | 2021-04-28 |
| 195568 | 8.8 | HIGH Network | soyal | 701server 701clientsql 701serversql | Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulne… | CWE-276 Incorrect Default Permissions | CVE-2021-28271 | 2024-11-21 14:59 | 2021-04-27 |
| 195569 | 6.1 | MEDIUM Network | apache | superset | Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allo… | CWE-601 Open Redirect | CVE-2021-28125 | 2024-11-21 14:59 | 2021-04-27 |
| 195570 | 5.3 | MEDIUM Network | orangehrm | orangehrm | OrangeHRM 4.7 allows an unauthenticated user to enumerate the valid username and email address via the forgot password function. | NVD-CWE-noinfo | CVE-2021-28399 | 2024-11-21 14:59 | 2021-04-26 |