| 197311 | 7.8 | HIGH Local | collaboraoffice | online | "loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else, "loolforkit" checks if it was invoked by the "lool" user, and ref… | CWE-269 Improper Privilege Management | CVE-2021-25630 | 2024-11-21 14:55 | 2021-02-24 |
| 197312 | 8.8 | HIGH Network | atlassian | jira_server_for_slack | An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote attackers to execute arbitrary code via a template injection vulnerability. | CWE-74 Injection | CVE-2021-26068 | 2024-11-21 14:55 | 2021-02-23 |
| 197313 | 9.8 | CRITICAL Network | smarty debian | smarty debian_linux | Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring. | CWE-94 Code Injection | CVE-2021-26120 | 2024-11-21 14:55 | 2021-02-22 |
| 197314 | 7.5 | HIGH Network | smarty debian | smarty debian_linux | Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode. | NVD-CWE-noinfo | CVE-2021-26119 | 2024-11-21 14:55 | 2021-02-22 |
| 197315 | 7.2 | HIGH Network | baby_care_system_project | baby_care_system | An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by a remote attacker to upload content to the server, including … | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2021-25780 | 2024-11-21 14:55 | 2021-02-18 |
| 197316 | 9.8 | CRITICAL Network | baby_care_system_project | baby_care_system | Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the contentsectionpage.php page. | CWE-89 SQL Injection | CVE-2021-25779 | 2024-11-21 14:55 | 2021-02-18 |
| 197317 | 9.8 | CRITICAL Network | testes-codigo | testes_de_codigo | Mobile application "Testes de Codigo" 11.4 and prior allows an attacker to gain access to the administrative interface and premium features by tampering with the boolean value of parameters "isAdmin" and … | NVD-CWE-Other | CVE-2021-25648 | 2024-11-21 14:55 | 2021-02-17 |
| 197318 | 9.8 | CRITICAL Network | casap_automated_enrollment_system_project | casap_automated_enrollment_system | The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable to SQL injection authentication bypass. An attacker can obtain access to the admin panel by injecting a SQL query in the usernam… | CWE-89 SQL Injection | CVE-2021-26201 | 2024-11-21 14:55 | 2021-02-16 |
| 197319 | 9.8 | CRITICAL Network | library_system_project | library_system | The user area for Library System 1.0 is vulnerable to SQL injection where a user can bypass the authentication and login as the admin user. | CWE-89 SQL Injection | CVE-2021-26200 | 2024-11-21 14:55 | 2021-02-16 |
| 197320 | 7.5 | HIGH Network | teradici | pcoip_soft_client | A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an attacker to crash the software. | CWE-476 NULL Pointer Dereference | CVE-2021-25690 | 2024-11-21 14:55 | 2021-02-12 |