Новостной rss агрегатор

CVE-2021-37379

** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Sphere all firmware versions allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.

4 февраля 2023, суббота 2:01 Источник
CVE-2021-37497

SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via crafted GET request.

4 февраля 2023, суббота 2:01 Источник
CVE-2021-37501

Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c.

4 февраля 2023, суббота 2:01 Источник
CVE-2021-37502

Cross Site Scripting (XSS) vulnerability in automad 1.7.5 allows remote attackers to run arbitrary code via the user name field when adding a user.

4 февраля 2023, суббота 2:01 Источник
CVE-2021-37518

Universal Cross Site Scripting (UXSS) vulnerability in Vimium Extension 1.66 and earlier allows remote attackers to run arbitrary code via omnibar feature.

4 февраля 2023, суббота 2:01 Источник
CVE-2021-37519

Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authenticattion file.

4 февраля 2023, суббота 2:01 Источник
CVE-2021-36424

An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation.

4 февраля 2023, суббота 2:01 Источник
CVE-2021-36425

Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file.

4 февраля 2023, суббота 2:01 Источник
CVE-2021-36426

File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inc_lib/general.inc.php.

4 февраля 2023, суббота 2:01 Источник
CVE-2021-36431

SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_json_check() function in jocms/apps/mask/inc/mask.php.

4 февраля 2023, суббота 2:01 Источник