CWE:
 

Title
Date
Author
Low
WordPress 5.1.1 Slider Revolution 4.6.5 UpdateCaptionsCSS Remote Content Injection
21.03.2019
KingSkrupellos


Common Weakness Enumeration (CWE)

CVE
Details
Description
2021-11-30
Low
CVE-2021-42117

Vendor: Businessdnasolutions
Software: Topease
 

 

 
2021-11-24
High
CVE-2021-38873

Vendor: IBM
Software: Planning ana...
 

 
IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 208396.

 
2021-11-23
Medium
CVE-2021-37033

Vendor: Huawei
Software: EMUI
 

 
There is an Injection attack vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability.

 
2021-11-20
Medium
CVE-2021-36322

Updating...
 

 
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections.

 
2021-11-11
Medium
CVE-2021-25980

Vendor: Talkyard
Software: Talkyard
 

 

 
Medium
CVE-2021-43350

Vendor: Apache
Software: Traffic control
 

 
An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter.

 
Medium
CVE-2021-34419

Vendor: ZOOM
Software: Zoom client ...
 

 
In the Zoom Client for Meetings for Ubuntu Linux before version 5.1.0, there is an HTML injection flaw when sending a remote control request to a user in the process of in-meeting screen sharing. This could allow meeting participants to be targeted for social engineering attacks.

 
2021-11-09
Medium
CVE-2021-43185

Vendor: Jetbrains
Software: Youtrack
 

 
JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.

 
2021-11-05
Low
CVE-2021-42663

Vendor: Online event booking and reservation system project
Software: Online event...
 

 
An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a given link, the page will display the HTML content of the attacker's choice.

 
2021-11-03
Medium
CVE-2021-36697

Vendor: Artica
Software: Pandora fms
 

 
With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be executed with an HTTP request.

 

 


Copyright 2021, cxsecurity.com

 
