|
195121
|
8.8 |
HIGH
Network
|
changjia_property_management_system_project
|
changjia_property_management_system
|
Attackers can access the CGE account management function without privilege for permission elevation and execute arbitrary commands or files after obtaining user permissions.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-22858
|
2024-11-21 14:50 |
2021-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195122
|
7.5 |
HIGH
Network
|
changjia_property_management_system_project
|
changjia_property_management_system
|
The CGE page with download function contains a Directory Traversal vulnerability. Attackers can use this loophole to download system files arbitrarily.
|
CWE-22
Path Traversal
|
CVE-2021-22857
|
2024-11-21 14:50 |
2021-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195123
|
7.5 |
HIGH
Network
|
changjia_property_management_system_project
|
changjia_property_management_system
|
The CGE property management system contains SQL Injection vulnerabilities. Remote attackers can inject SQL commands into the parameters in Cookie and obtain data in the database without privilege.
|
CWE-89
SQL Injection
|
CVE-2021-22856
|
2024-11-21 14:50 |
2021-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195124
|
9.8 |
CRITICAL
Network
|
microfocus
|
operations_bridge_manager
|
Arbitrary code execution vulnerability on Micro Focus Operations Bridge Manager product, affecting versions 10.1x, 10.6x, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10. The vulnerability could…
|
NVD-CWE-noinfo
|
CVE-2021-22504
|
2024-11-21 14:50 |
2021-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195125
|
9.8 |
CRITICAL
Network
|
advantech
|
iview
|
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'.
|
CWE-89
SQL Injection
|
CVE-2021-22658
|
2024-11-21 14:50 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195126
|
6.1 |
MEDIUM
Network
|
rubyonrails
fedoraproject
|
rails
fedora
|
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" forma…
|
CWE-601
Open Redirect
|
CVE-2021-22881
|
2024-11-21 14:50 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195127
|
7.5 |
HIGH
Network
|
rubyonrails
fedoraproject
|
rails
fedora
|
The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validat…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2021-22880
|
2024-11-21 14:50 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195128
|
7.5 |
HIGH
Network
|
advantech
|
iview
|
Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files.
|
CWE-22
Path Traversal
|
CVE-2021-22656
|
2024-11-21 14:50 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195129
|
7.5 |
HIGH
Network
|
advantech
|
iview
|
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information.
|
CWE-89
SQL Injection
|
CVE-2021-22654
|
2024-11-21 14:50 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195130
|
9.8 |
CRITICAL
Network
|
advantech
|
iview
|
Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.
|
-
|
CVE-2021-22652
|
2024-11-21 14:50 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
