Topics

CVE-2021-36621
Attacker Value: Very High
Disclosure Date: July 30, 2021 (last updated August 12, 2021)
Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successfully dumping the admin password hash, an attacker can decrypt and obtain the plain-text password. Hence, the attacker could authenticate as Administrator.

CVE-2021-22005
Attacker Value: Very High
Disclosure Date: September 23, 2021 (last updated September 28, 2021)
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.

CVE-2021-32682
Attacker Value: Moderate
Disclosure Date: June 14, 2021 (last updated June 30, 2021)
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.

CVE-2021-26431
Attacker Value: Moderate
Disclosure Date: August 12, 2021 (last updated August 19, 2021)
Windows Recovery Environment Agent Elevation of Privilege Vulnerability

CVE-2021-3287
Attacker Value: High
Disclosure Date: April 22, 2021 (last updated May 01, 2021)
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.

CVE-2021-36955
Attacker Value: High
Disclosure Date: September 15, 2021 (last updated September 25, 2021)
Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-36963, CVE-2021-38633.

Attacker Value: Very High
The © 2021 Rupee Invoice System - Mayuri K | Designed by : Mayurik K is vulnerable to remote SQL injection authentication bypass (see https://portswigger.net/support/using-sql-injection-to-bypass-authentication). The parameter (username) from the login form is not protected correctly, and there is no security or escaping from malicious payloads. When the user sends a malicious query or malicious payload to the MySQL server for those three accounts, he can bypass the login credentials and take control of the admin account.

CVE-2021-40444
Attacker Value: Moderate
Disclosure Date: September 15, 2021 (last updated September 25, 2021)
Microsoft MSHTML Remote Code Execution Vulnerability

CVE-nu11-16-092421
Attacker Value: Very High
Last updated September 26, 2021
The OBS-PHP (by: oretnom23) v1.0 is vulnerable to remote SQL injection authentication bypass, stored XSS and PHPSESSID hijacking. The app is vulnerable to remote SQL injection authentication bypass in "login.php", with parameters "username" and "password". After successfully pwning the credentials for the admin account, the malicious user can store an XSS payload, with which he can take the active PHPSESSID every time he wants to log in to the system with an admin account by using this exploit.

CVE-nu11-06-092421
Attacker Value: Very High
Last updated September 26, 2021
The PASS-PHP (by: oretnom23) v1.0 is vulnerable to remote SQL injection authentication bypass, stored XSS and PHPSESSID hijacking. The app is vulnerable to remote SQL injection authentication bypass in "login.php", with parameters "username" and "password". After successfully pwning the credentials for the admin account, the malicious user can store an XSS payload, with which he can take the active PHPSESSID every time he wants to log in to the system with an admin account by using this exploit.