|
195061
|
9.1 |
CRITICAL
Network
|
whatsapp
|
whatsapp
|
A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite Wh…
|
CWE-22
Path Traversal
|
CVE-2021-24035
|
2024-11-21 14:52 |
2021-06-11 |
|
195062
|
4.8 |
MEDIUM
Network
|
easy_preloader_project
|
easy_preloader
|
The Easy Preloader WordPress plugin through 1.0.0 does not sanitise its setting fields, leading to authenticated (admin+) Stored Cross-Site Scripting issues
|
-
|
CVE-2021-24344
|
2024-11-21 14:52 |
2021-06-7 |
|
195063
|
4.8 |
MEDIUM
Network
|
iflychat
|
iflychat
|
The iFlyChat WordPress plugin before 4.7.0 does not sanitise its APP ID setting before outputting it back in the page, leading to an authenticated Stored Cross-Site Scripting issue
|
CWE-79
Cross-site Scripting
|
CVE-2021-24343
|
2024-11-21 14:52 |
2021-06-7 |
|
195064
|
6.1 |
MEDIUM
Network
|
jnews
|
jnews
|
The JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scri…
|
-
|
CVE-2021-24342
|
2024-11-21 14:52 |
2021-06-7 |
|
195065
|
7.5 |
HIGH
Network
|
veronalabs
|
wp_statistics
|
The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which…
|
-
|
CVE-2021-24340
|
2024-11-21 14:52 |
2021-06-7 |
|
195066
|
8.8 |
HIGH
Network
|
video-embed-box_project
|
video-embed-box
|
The id GET parameter of one of the pages of the Video Embed WordPress plugin through 1.0 (available via forced browsing) is not sanitised, validated or escaped before being used in a SQL statement, allowin…
|
-
|
CVE-2021-24337
|
2024-11-21 14:52 |
2021-06-7 |
|
195067
|
7.2 |
HIGH
Network
|
zavedil
|
flightlog
|
The FlightLog WordPress plugin through 3.0.2 does not sanitise, validate or escape various POST parameters before using them in a SQL statement, leading to SQL injections exploitable by editor and admin…
|
-
|
CVE-2021-24336
|
2024-11-21 14:52 |
2021-06-7 |
|
195068
|
8.8 |
HIGH
Network
|
fortinet
|
fortiai_firmware
|
An improper input validation in FortiAI v1.4.0 and earlier may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command.
|
CWE-78
OS Command
|
CVE-2021-24023
|
2024-11-21 14:52 |
2021-06-4 |
|
195069
|
4.5 |
MEDIUM
Adjacent
|
mcafee
|
database_security
|
Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted passwor…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2021-23896
|
2024-11-21 14:52 |
2021-06-2 |
|
195070
|
7.3 |
HIGH
Network
|
fortinet
|
fortios
|
An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted…
|
CWE-295
Improper Certificate Validation
|
CVE-2021-24012
|
2024-11-21 14:52 |
2021-06-2 |