|
196551
|
9.8 |
CRITICAL
Network
|
fiberhome
|
hg6245d_firmware
|
An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g key. (T…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2021-27141
|
2024-11-21 14:57 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196552
|
7.5 |
HIGH
Network
|
fiberhome
|
hg6245d_firmware
|
An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to find passwords and authentication cookies stored in cleartext in the web.log HTTP logs.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2021-27140
|
2024-11-21 14:57 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196553
|
7.5 |
HIGH
Network
|
fiberhome
|
hg6245d_firmware
|
An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to extract information from the device without authentication by disabling JavaScript and visiting /info.asp.
|
NVD-CWE-noinfo
|
CVE-2021-27139
|
2024-11-21 14:57 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196554
|
7.5 |
HIGH
Network
|
henriquedornas
|
henriquedornas
|
An information disclosure issue exists in henriquedornas 5.2.17 because an attacker can dump phpMyAdmin SQL content. NOTE: third parties report that this is a site-specific problem
|
NVD-CWE-noinfo
|
CVE-2021-26939
|
2024-11-21 14:57 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196555
|
5.4 |
MEDIUM
Network
|
henriquedornas
|
henriquedornas
|
A stored XSS issue exists in henriquedornas 5.2.17 via online live chat. NOTE: Third parties report that no such product exists. That henriquedornas is the web design agency and 5.2.17 is simply the …
|
CWE-79
Cross-site Scripting
|
CVE-2021-26938
|
2024-11-21 14:57 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196556
|
7.8 |
HIGH
Local
|
replaysorcery_project
|
replaysorcery
|
The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output pa…
|
CWE-269
Improper Privilege Management
|
CVE-2021-26936
|
2024-11-21 14:57 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196557
|
9.8 |
CRITICAL
Network
|
invisible-island
debian
fedoraproject
|
xterm
debian_linux
fedora
|
xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.
|
NVD-CWE-noinfo
|
CVE-2021-27135
|
2024-11-21 14:57 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196558
|
8.8 |
HIGH
Network
|
xcb_project
|
xcb
|
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::cast_event uses std::mem::transm…
|
CWE-252
Unchecked Return Value
|
CVE-2021-26958
|
2024-11-21 14:57 |
2021-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196559
|
9.8 |
CRITICAL
Network
|
xcb_project
|
xcb
|
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because there is an out-of-bounds read in xcb::xproto::change_property(), as demonstrated by a forma…
|
CWE-125
Out-of-bounds Read
|
CVE-2021-26957
|
2024-11-21 14:57 |
2021-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196560
|
9.8 |
CRITICAL
Network
|
xcb_project
|
xcb
|
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because bytes from an X server can be interpreted as any data type returned by xcb::xproto::GetPrope…
|
NVD-CWE-noinfo
|
CVE-2021-26956
|
2024-11-21 14:57 |
2021-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
