|
195141
|
7.8 |
HIGH
Local
|
fujielectric
|
v-server
v-simulator
|
Multiple stack-based buffer overflow issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code…
|
CWE-787
Out-of-bounds Write
|
CVE-2021-22637
|
2024-11-21 14:50 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195142
|
6.1 |
MEDIUM
Network
|
revive-adserver
|
revive_adserver
|
Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been avail…
|
CWE-601
Open Redirect
|
CVE-2021-22873
|
2024-11-21 14:50 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195143
|
6.1 |
MEDIUM
Network
|
revive-adserver
|
revive_adserver
|
Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in mo…
|
CWE-79
Cross-site Scripting
|
CVE-2021-22872
|
2024-11-21 14:50 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195144
|
4.8 |
MEDIUM
Network
|
revive-adserver
|
revive_adserver
|
Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php …
|
CWE-79
Cross-site Scripting
|
CVE-2021-22871
|
2024-11-21 14:50 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195145
|
7.8 |
HIGH
Local
|
schneider-electric
|
ecostruxure_power_build_-_rapsody
|
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to…
|
-
|
CVE-2021-22698
|
2024-11-21 14:50 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195146
|
7.8 |
HIGH
Local
|
schneider-electric
|
ecostruxure_power_build_-_rapsody
|
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a use-after-free condition which…
|
-
|
CVE-2021-22697
|
2024-11-21 14:50 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195147
|
5.4 |
MEDIUM
Network
|
hyweb
|
hycms-j1
|
Hyweb HyCMS-J1 backend editing function does not filter special characters. Users after log-in can inject JavaScript syntax to perform a stored XSS (Stored Cross-site scripting) attack.
|
CWE-79
Cross-site Scripting
|
CVE-2021-22849
|
2024-11-21 14:50 |
2021-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195148
|
8.8 |
HIGH
Network
|
hyweb
|
hycms-j1
|
Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege.
|
CWE-89
SQL Injection
|
CVE-2021-22847
|
2024-11-21 14:50 |
2021-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195149
|
8.1 |
HIGH
Network
|
microfocus
|
application_lifecycle_management
|
XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product. The vulnerability affects versions 12.x, 12.60 Patch 5 and ea…
|
CWE-611
XXE
|
CVE-2021-22498
|
2024-11-21 14:50 |
2021-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195150
|
8.8 |
HIGH
Network
|
hgiga
|
oaklouds_openid
|
HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (online registration) to obtain database schema and data.
|
CWE-89
SQL Injection
|
CVE-2021-22852
|
2024-11-21 14:50 |
2021-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
