|
196211
|
7.5 |
HIGH
Network
|
digium
|
certified_asterisk
asterisk
|
An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remo…
|
NVD-CWE-noinfo
|
CVE-2021-26717
|
2024-11-21 14:56 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196212
|
7.8 |
HIGH
Local
|
avahi
debian
|
avahi
debian_linux
|
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbit…
|
CWE-59
Link Following
|
CVE-2021-26720
|
2024-11-21 14:56 |
2021-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196213
|
9.8 |
CRITICAL
Network
|
phpgurukul
|
car_rental_portal
|
PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-26809
|
2024-11-21 14:56 |
2021-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196214
|
5.3 |
MEDIUM
Network
|
apache
|
airflow
|
The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as th…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2021-26697
|
2024-11-21 14:56 |
2021-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196215
|
6.5 |
MEDIUM
Network
|
apache
|
airflow
|
Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `…
|
NVD-CWE-Other
|
CVE-2021-26559
|
2024-11-21 14:56 |
2021-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196216
|
9.8 |
CRITICAL
Network
|
phpgurukul
|
teachers_record_management_system
|
Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in 'searchteacher' POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthentic…
|
CWE-89
SQL Injection
|
CVE-2021-26822
|
2024-11-21 14:56 |
2021-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196217
|
9.9 |
CRITICAL
Network
|
nedi
|
nedi
|
NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to t…
|
CWE-863
Incorrect Authorization
|
CVE-2021-26753
|
2024-11-21 14:56 |
2021-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196218
|
8.8 |
HIGH
Network
|
nedi
|
nedi
|
NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attack…
|
CWE-78
OS Command
|
CVE-2021-26752
|
2024-11-21 14:56 |
2021-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196219
|
8.8 |
HIGH
Network
|
nedi
|
nedi
|
NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to…
|
CWE-89
SQL Injection
|
CVE-2021-26751
|
2024-11-21 14:56 |
2021-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196220
|
8.8 |
HIGH
Network
|
smartfoxserver
|
smartfoxserver
|
An issue was discovered in SmartFoxServer 2.17.0. An attacker can execute arbitrary Python code, and bypass the javashell.py protection mechanism, by creating /config/ConsoleModuleUnlock.txt and edit…
|
CWE-94
Code Injection
|
CVE-2021-26551
|
2024-11-21 14:56 |
2021-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
