Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
CWE
:
Tytuł
Data
Autor
Low
WordPress 5.1.1 Slider Revolution 4.6.5 UpdateCaptionsCSS Remote Content Injection
21.03.2019
KingSkrupellos
Common Weakness Enumeration (CWE)
CVE
Szczegóły
Opis
2021-11-30
Low
CVE-2021-42117
Vendor:
Businessdnasolutions
Software:
Topease
2021-11-24
High
CVE-2021-38873
Vendor:
IBM
Software:
Planning ana...
IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 208396.
2021-11-23
Medium
CVE-2021-37033
Vendor:
Huawei
Software:
EMUI
There is an Injection attack vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability.
2021-11-20
Medium
CVE-2021-36322
Updating...
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections.
2021-11-11
Medium
CVE-2021-25980
Vendor:
Talkyard
Software:
Talkyard
Medium
CVE-2021-43350
Vendor:
Apache
Software:
Traffic control
An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter.
Medium
CVE-2021-34419
Vendor:
ZOOM
Software:
Zoom client ...
In the Zoom Client for Meetings for Ubuntu Linux before version 5.1.0, there is an HTML injection flaw when sending a remote control request to a user in the process of in-meeting screen sharing. This could allow meeting participants to be targeted for social engineering attacks.
2021-11-09
Medium
CVE-2021-43185
Vendor:
Jetbrains
Software:
Youtrack
JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.
2021-11-05
Low
CVE-2021-42663
Vendor:
Online event booking and reservation system project
Software:
Online event...
An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a given link he will display the content of the HTML code of the attacker's choice.
2021-11-03
Medium
CVE-2021-36697
Vendor:
Artica
Software:
Pandora fms
With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be executed with an HTTP request.
Copyright
2021
, cxsecurity.com
Back to Top
Polish
English