|
195001
|
9.8 |
CRITICAL
Network
|
mutare
|
voice
|
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfile.asp allows Unauthenticated Local File Inclusion, which can be leveraged to achieve Remote Code Execution.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2021-27236
|
2024-11-21 14:57 |
2021-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195002
|
4.9 |
MEDIUM
Network
|
mutare
|
voice
|
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, there is a functionality at diagzip.asp that allows anyone to export tables of a database.
|
NVD-CWE-noinfo
|
CVE-2021-27235
|
2024-11-21 14:57 |
2021-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195003
|
9.8 |
CRITICAL
Network
|
mutare
|
voice
|
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. The web application suffers from SQL injection on Adminlog.asp, Archivemsgs.asp, Deletelog.asp, Eventlog.asp, and Evmlog.asp.
|
CWE-89
SQL Injection
|
CVE-2021-27234
|
2024-11-21 14:57 |
2021-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195004
|
4.9 |
MEDIUM
Network
|
mutare
|
voice
|
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, password information for external systems is visible in cleartext. The Settings.asp page is…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2021-27233
|
2024-11-21 14:57 |
2021-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195005
|
5.4 |
MEDIUM
Network
|
hestiacp
|
control_panel
|
Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of…
|
NVD-CWE-noinfo
|
CVE-2021-27231
|
2024-11-21 14:57 |
2021-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195006
|
8.8 |
HIGH
Network
|
mumble
debian
|
mumble
debian_linux
|
Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text.
|
CWE-59
Link Following
|
CVE-2021-27229
|
2024-11-21 14:57 |
2021-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195007
|
7.5 |
HIGH
Network
|
steghide_project
|
steghide
|
steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data.
|
CWE-335
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
|
CVE-2021-27211
|
2024-11-21 14:57 |
2021-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195008
|
8.8 |
HIGH
Network
|
endian
|
firewall_community
|
Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in a backup comment.
|
CWE-78
OS Command
|
CVE-2021-27201
|
2024-11-21 14:57 |
2021-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195009
|
7.5 |
HIGH
Network
|
gnome
fedoraproject
debian
netapp
broadcom
|
glib
fedora
debian_linux
cloud_backup
active_iq_unified_manager
e-series_performance_analyzer
brocade_fabric_operating_system_firmware
|
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The…
|
CWE-681
Incorrect Conversion between Numeric Types
|
CVE-2021-27219
|
2024-11-21 14:57 |
2021-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195010
|
7.5 |
HIGH
Network
|
gnome
fedoraproject
debian
netapp
broadcom
|
glib
fedora
debian_linux
cloud_backup
active_iq_unified_manager
e-series_performance_analyzer
brocade_fabric_operating_system_firmware
|
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated mo…
|
CWE-681
Incorrect Conversion between Numeric Types
|
CVE-2021-27218
|
2024-11-21 14:57 |
2021-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
