Search

Search Results (365367 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-20674 1 Ntt-tx 1 Magicconnect 2024-11-21 7.8 High
Untrusted search path vulnerability in Installer of MagicConnect Client program distributed before 2021 March 1 allows an attacker to gain privileges and via a Trojan horse DLL in an unspecified directory and to execute arbitrary code with the privilege of the user invoking the installer when a terminal is connected remotely using Remote desktop.
CVE-2021-20673 1 Weseek 1 Growi 2024-11-21 4.8 Medium
Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.
CVE-2021-20672 1 Weseek 1 Growi 2024-11-21 6.1 Medium
Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters in GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote attackers to inject an arbitrary script via unspecified vectors.
CVE-2021-20671 1 Weseek 1 Growi 2024-11-21 7.2 High
Invalid file validation on the upload feature in GROWI versions v4.2.2 allows a remote attacker with administrative privilege to overwrite the files on the server, which may lead to arbitrary code execution.
CVE-2021-20670 1 Weseek 1 Growi 2024-11-21 7.5 High
Improper access control vulnerability in GROWI versions v4.2.2 and earlier allows a remote unauthenticated attacker to read the user's personal information and/or server's internal information via unspecified vectors.
CVE-2021-20669 1 Weseek 1 Growi 2024-11-21 4.7 Medium
Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read and/or delete an arbitrary path via a specially crafted URL.
CVE-2021-20668 1 Weseek 1 Growi 2024-11-21 2.7 Low
Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read an arbitrary path via a specially crafted URL.
CVE-2021-20667 1 Weseek 1 Growi 2024-11-21 5.4 Medium
Stored cross-site scripting vulnerability due to inadequate CSP (Content Security Policy) configuration in GROWI versions v4.2.2 and earlier allows remote authenticated attackers to inject an arbitrary script via a specially crafted content.
CVE-2021-20665 1 Movabletype 4 Movable Type, Movable Type Advanced, Movable Type Premium and 1 more 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in in Add asset screen of Contents field of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
CVE-2021-20664 1 Movabletype 4 Movable Type, Movable Type Advanced, Movable Type Premium and 1 more 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in in Asset registration screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
CVE-2021-20663 1 Movabletype 4 Movable Type, Movable Type Advanced, Movable Type Premium and 1 more 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in in Role authority setting screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
CVE-2021-20662 1 Contec 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware 2024-11-21 7.5 High
Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors.
CVE-2021-20661 1 Contec 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware 2024-11-21 8.1 High
Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.
CVE-2021-20660 1 Contec 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to inject an arbitrary script via unspecified vectors.
CVE-2021-20659 1 Contec 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware 2024-11-21 8.8 High
SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code.
CVE-2021-20658 1 Contec 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware 2024-11-21 9.8 Critical
SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.
CVE-2021-20657 1 Contec 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware 2024-11-21 5.4 Medium
Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain and/or alter the setting information without the access privilege via unspecified vectors.
CVE-2021-20656 1 Contec 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware 2024-11-21 4.3 Medium
Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain the information inside the system, such as directories and/or file configurations via unspecified vectors.
CVE-2021-20655 1 Soliton 1 Filezen 2024-11-21 7.2 High
FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.
CVE-2021-20654 1 Wekan Project 1 Wekan 2024-11-21 5.4 Medium
Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. This is named 'Fieldbleed' in the vendor's site.