|
196361
|
7.2 |
HIGH
Network
|
zavedil
|
flightlog
|
The FlightLog WordPress plugin through 3.0.2 does not sanitise, validate or escape various POST parameters before using them a SQL statement, leading to SQL injections exploitable by editor and admin…
|
-
|
CVE-2021-24336
|
2024-11-21 14:52 |
2021-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196362
|
8.8 |
HIGH
Network
|
fortinet
|
fortiai_firmware
|
An improper input validation in FortiAI v1.4.0 and earlier may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command.
|
CWE-78
OS Command
|
CVE-2021-24023
|
2024-11-21 14:52 |
2021-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196363
|
4.5 |
MEDIUM
Adjacent
|
mcafee
|
database_security
|
Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted passwor…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2021-23896
|
2024-11-21 14:52 |
2021-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196364
|
7.3 |
HIGH
Network
|
fortinet
|
fortios
|
An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted…
|
CWE-295
Improper Certificate Validation
|
CVE-2021-24012
|
2024-11-21 14:52 |
2021-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196365
|
8.0 |
HIGH
Adjacent
|
mcafee
|
database_security
|
Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on th…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-23895
|
2024-11-21 14:52 |
2021-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196366
|
8.8 |
HIGH
Adjacent
|
mcafee
|
database_security
|
Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-23894
|
2024-11-21 14:52 |
2021-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196367
|
6.1 |
MEDIUM
Network
|
smartdatasoft
|
car_repair_services_\&_auto_mechanic
|
The Car Repair Services & Auto Mechanic WordPress theme before 4.0 did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected Cros…
|
-
|
CVE-2021-24335
|
2024-11-21 14:52 |
2021-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196368
|
5.4 |
MEDIUM
Network
|
connekthq
|
instant_images_-_one_click_unsplash_uploads
|
The Instant Images – One Click Unsplash Uploads WordPress plugin before 4.4.0.1 did not properly validate and sanitise its unsplash_download_w and unsplash_download_h parameter settings (/wp-admin/up…
|
-
|
CVE-2021-24334
|
2024-11-21 14:52 |
2021-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196369
|
6.5 |
MEDIUM
Network
|
content_copy_protection_\&_prevent_image_save_project
|
content_copy_protection_\&_prevent_image_save
|
The Content Copy Protection & Prevent Image Save WordPress plugin through 1.3 does not check for CSRF when saving its settings, not perform any validation and sanitisation on them, allowing attackers…
|
CWE-352
CWE-79
Origin Validation Error
Cross-site Scripting
|
CVE-2021-24333
|
2024-11-21 14:52 |
2021-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196370
|
4.8 |
MEDIUM
Network
|
smooth_scroll_page_up\/down_buttons_project
|
smooth_scroll_page_up\/down_buttons
|
The Smooth Scroll Page Up/Down Buttons WordPress plugin before 1.4 did not properly sanitise and validate its settings, such as psb_distance, psb_buttonsize, psb_speed, only validating them client si…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24331
|
2024-11-21 14:52 |
2021-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
