|
196901
|
5.3 |
MEDIUM
Local
|
google
|
android
|
A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker.
|
CWE-416
Use After Free
|
CVE-2021-25443
|
2024-11-21 14:54 |
2021-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196902
|
9.8 |
CRITICAL
Network
|
learning_management_system_project
|
learning_management_system
|
Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to \lms\student_avatar.php.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-25200
|
2024-11-21 14:54 |
2021-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196903
|
4.8 |
MEDIUM
Network
|
sophos
|
unified_threat_management
|
Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.
|
CWE-79
Cross-site Scripting
|
CVE-2021-25273
|
2024-11-21 14:54 |
2021-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196904
|
9.8 |
CRITICAL
Network
|
travel_management_system_project
|
travel_management_system
|
Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the file upload to updatepackage.php.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-25208
|
2024-11-21 14:54 |
2021-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196905
|
9.8 |
CRITICAL
Network
|
responsive_ordering_system_project
|
responsive_ordering_system
|
Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary code via the file upload to Product_model.php.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-25206
|
2024-11-21 14:54 |
2021-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196906
|
5.4 |
MEDIUM
Network
|
e-commerce_website_project
|
e-commerce_website
|
Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote attackers to inject arbitrary web script or HTM via the subject field to feedback_process.php.
|
CWE-79
Cross-site Scripting
|
CVE-2021-25204
|
2024-11-21 14:54 |
2021-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196907
|
9.8 |
CRITICAL
Network
|
victor_cms_project
|
victor_cms
|
Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-25203
|
2024-11-21 14:54 |
2021-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196908
|
7.5 |
HIGH
Network
|
learning_management_system_project
|
learning_management_system
|
SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements through the id parameter to obtain sensitive database information.
|
CWE-89
SQL Injection
|
CVE-2021-25201
|
2024-11-21 14:54 |
2021-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196909
|
9.8 |
CRITICAL
Network
|
e-commerce_website_project
|
e-commerce_website
|
Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary code via the file upload to prodViewUpdate.php.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-25207
|
2024-11-21 14:54 |
2021-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196910
|
9.8 |
CRITICAL
Network
|
travel_management_system_project
|
travel_management_system
|
SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the catid parameter to subcat.php.
|
CWE-89
SQL Injection
|
CVE-2021-25213
|
2024-11-21 14:54 |
2021-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
