| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 196141 | 8.8 | HIGH | Network | video-embed-box_project | video-embed-box | The id GET parameter of one of the Video Embed WordPress plugin through 1.0's pages (available via forced browsing) is not sanitised, validated or escaped before being used in a SQL statement, allowin… | - | CVE-2021-24337 | 2024-11-21 14:52 | 2021-06-7 |
| 196142 | 7.2 | HIGH | Network | zavedil | flightlog | The FlightLog WordPress plugin through 3.0.2 does not sanitise, validate or escape various POST parameters before using them in a SQL statement, leading to SQL injections exploitable by editor and admin… | - | CVE-2021-24336 | 2024-11-21 14:52 | 2021-06-7 |
| 196143 | 8.8 | HIGH | Network | fortinet | fortiai_firmware | An improper input validation in FortiAI v1.4.0 and earlier may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command. | CWE-78: OS Command | CVE-2021-24023 | 2024-11-21 14:52 | 2021-06-4 |
| 196144 | 4.5 | MEDIUM | Adjacent | mcafee | database_security | Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted passwor… | CWE-319: Cleartext Transmission of Sensitive Information | CVE-2021-23896 | 2024-11-21 14:52 | 2021-06-2 |
| 196145 | 7.3 | HIGH | Network | fortinet | fortios | An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted… | CWE-295: Improper Certificate Validation | CVE-2021-24012 | 2024-11-21 14:52 | 2021-06-2 |
| 196146 | 8.0 | HIGH | Adjacent | mcafee | database_security | Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on th… | CWE-502: Deserialization of Untrusted Data | CVE-2021-23895 | 2024-11-21 14:52 | 2021-06-2 |
| 196147 | 8.8 | HIGH | Adjacent | mcafee | database_security | Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on … | CWE-502: Deserialization of Untrusted Data | CVE-2021-23894 | 2024-11-21 14:52 | 2021-06-2 |
| 196148 | 6.1 | MEDIUM | Network | smartdatasoft | car_repair_services_\&_auto_mechanic | The Car Repair Services & Auto Mechanic WordPress theme before 4.0 did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected Cros… | - | CVE-2021-24335 | 2024-11-21 14:52 | 2021-06-1 |
| 196149 | 5.4 | MEDIUM | Network | connekthq | instant_images_-_one_click_unsplash_uploads | The Instant Images – One Click Unsplash Uploads WordPress plugin before 4.4.0.1 did not properly validate and sanitise its unsplash_download_w and unsplash_download_h parameter settings (/wp-admin/up… | - | CVE-2021-24334 | 2024-11-21 14:52 | 2021-06-1 |
| 196150 | 6.5 | MEDIUM | Network | content_copy_protection_\&_prevent_image_save_project | content_copy_protection_\&_prevent_image_save | The Content Copy Protection & Prevent Image Save WordPress plugin through 1.3 does not check for CSRF when saving its settings, nor perform any validation and sanitisation on them, allowing attackers… | CWE-352, CWE-79: Origin Validation Error, Cross-site Scripting | CVE-2021-24333 | 2024-11-21 14:52 | 2021-06-1 |