CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In October 2021

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1601 | CVE-2020-25912 | 611 | | DoS | 2021-10-31 | 2021-11-02 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial | An XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10, which can lead to information disclosure or denial of service (DoS). |
| 1602 | CVE-2020-25911 | 611 | | DoS | 2021-10-31 | 2021-11-02 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial | An XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3, which can lead to information disclosure or denial of service (DoS). |
| 1603 | CVE-2020-25881 | 22 | | Dir. Trav. | 2021-10-29 | 2021-11-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A vulnerability was discovered in the filename parameter in pathindex.php?r=cms-backend/attachment/delete&sub=&filename=../../../../111.txt&filetype=image/jpeg of the master version of RKCMS. This vulnerability allows an attacker to perform a directory traversal via a crafted .txt file. |
| 1604 | CVE-2020-25873 | 22 | | Dir. Trav. | 2021-10-29 | 2021-11-03 | 4.0 | None | Remote | Low | ??? | None | Partial | None | A directory traversal vulnerability in the component system/manager/class/web/database.php was discovered in Baijiacms V4, which allows attackers to arbitrarily delete folders on the server via the "id" parameter. |
| 1605 | CVE-2020-25872 | 22 | | Dir. Trav. | 2021-10-29 | 2021-11-03 | 4.0 | None | Remote | Low | ??? | Partial | None | None | A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter. |
| 1606 | CVE-2020-25422 | 79 | | XSS | 2021-10-28 | 2021-10-29 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| 1607 | CVE-2020-24932 | 89 | | Sql | 2021-10-27 | 2021-10-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php. |
| 1608 | CVE-2020-23549 | | | DoS | 2021-10-28 | 2021-11-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted .cr2 file, related to a "Data from Faulting Address controls Branch Selection starting at FORMATS!GetPlugInInfo+0x00000000000047f6". |
| 1609 | CVE-2020-23546 | | | DoS | 2021-10-28 | 2021-11-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file, related to a "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FORMATS!ReadMosaic+0x0000000000000981". |
| 1610 | CVE-2020-23061 | 22 | | Dir. Trav. | 2021-10-22 | 2021-10-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the `list` and `download` module, which allows attackers to perform a directory traversal via a change to the path variable to request the local list command. |
| 1611 | CVE-2020-23060 | 787 | | Overflow | 2021-10-22 | 2021-10-28 | 6.6 | None | Local | Low | Not required | None | Complete | Complete | Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Export/Import function. This vulnerability allows attackers to escalate local process privileges via a crafted ef2 file. |
| 1612 | CVE-2020-23058 | 287 | | | 2021-10-22 | 2021-10-28 | 2.1 | None | Local | Low | Not required | Partial | None | None | An issue in the authentication mechanism in Nong Ge File Explorer v1.4 allows unauthenticated access to sensitive data. |
| 1613 | CVE-2020-23055 | 79 | | XSS | 2021-10-22 | 2021-10-28 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | ANCOM WLAN Controller (Wireless Series & Hotspot) WLC-1000 & WLC-4006 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the /authen/start/ module via the userid and password parameters. |
| 1614 | CVE-2020-23054 | 79 | | XSS | 2021-10-22 | 2021-10-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A cross-site scripting (XSS) vulnerability in NSK User Agent String Switcher Service v0.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the user agent input field. |
| 1615 | CVE-2020-23052 | 79 | | XSS | 2021-10-22 | 2021-10-28 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Catalyst IT Ltd Mahara CMS v19.10.2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component groupfiles.php via the Number (Nombre) and Description (Descripción) parameters. |
| 1616 | CVE-2020-23051 | 79 | | XSS | 2021-10-22 | 2021-10-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Phpgurukul User Registration & User Management System v2.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & loginsystem input fields. |
| 1617 | CVE-2020-23050 | 74 | | Exec Code | 2021-10-22 | 2021-10-28 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial | TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain an HTML injection vulnerability in the userFirstName parameter of the user account input field. This vulnerability allows attackers to execute phishing attacks, external redirects, and arbitrary code. |
| 1618 | CVE-2020-23049 | 79 | | XSS | 2021-10-22 | 2021-10-28 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register` functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML. |
| 1619 | CVE-2020-23048 | 79 | | XSS | 2021-10-22 | 2021-10-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddEvent.php via the name and comment parameters. |
| 1620 | CVE-2020-23047 | 79 | | XSS | 2021-10-22 | 2021-10-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting (XSS) vulnerability in the search input field of the search module. |
| 1621 | CVE-2020-23046 | 79 | | XSS | 2021-10-22 | 2021-10-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet` parameters. |
| 1622 | CVE-2020-23045 | 89 | | Sql | 2021-10-22 | 2021-10-29 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the `roleId` parameter of the `editRole` and `deletUser` modules. |
| 1623 | CVE-2020-23044 | 79 | | XSS | 2021-10-22 | 2021-10-28 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. |
| 1624 | CVE-2020-23043 | 434 | | Exec Code | 2021-10-22 | 2021-10-27 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Tran Tu Air Sender v1.0.2 was discovered to contain an arbitrary file upload vulnerability in the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted file. |
| 1625 | CVE-2020-23042 | 79 | | XSS | 2021-10-22 | 2021-10-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request. |
| 1626 | CVE-2020-23041 | 79 | | XSS | 2021-10-22 | 2021-10-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` exception handling. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request. |
| 1627 | CVE-2020-23040 | 22 | | Dir. Trav. | 2021-10-22 | 2021-10-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands. |
| 1628 | CVE-2020-23039 | 79 | | XSS | 2021-10-22 | 2021-10-27 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload as a path or folder name. |
| 1629 | CVE-2020-23038 | 22 | | Dir. Trav. | 2021-10-22 | 2021-10-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables. |
| 1630 | CVE-2020-23037 | 94 | | Exec Code | 2021-10-22 | 2021-10-27 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. |
| 1631 | CVE-2020-23036 | 522 | | | 2021-10-22 | 2021-10-28 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of the `password` authentication parameter of the wifi photo transfer module. This vulnerability allows attackers with network access privileges or on public wifi networks to read the authentication credentials and follow-up requests containing the user password via a man-in-the-middle attack. |
| 1632 | CVE-2020-22864 | 79 | | XSS | 2021-10-26 | 2021-10-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML. |
| 1633 | CVE-2020-22724 | 77 | | Exec Code | 2021-10-14 | 2021-10-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | A remote command execution vulnerability exists in add_server_service of PPTP_SERVER in Mercury Router MER1200 v1.0.1 and Mercury Router MER1200G v1.0.1. |
| 1634 | CVE-2020-22679 | 401 | | DoS | 2021-10-12 | 2021-10-18 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | Memory leak in the sgpd_parse_entry function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input. |
| 1635 | CVE-2020-22678 | 787 | | DoS Overflow | 2021-10-12 | 2021-10-18 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_emulation_bytes function in av_parsers.c has a heap-based buffer overflow which can lead to a denial of service (DoS) via a crafted input. |
| 1636 | CVE-2020-22677 | 787 | | DoS Overflow | 2021-10-12 | 2021-10-18 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | An issue was discovered in gpac 0.8.0. The dump_data_hex function in box_dump.c has a heap-based buffer overflow which can lead to a denial of service (DoS) via a crafted input. |
| 1637 | CVE-2020-22675 | 787 | | DoS Overflow | 2021-10-12 | 2021-10-18 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | An issue was discovered in gpac 0.8.0. The GetGhostNum function in stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DoS) via a crafted input. |
| 1638 | CVE-2020-22674 | 476 | | DoS | 2021-10-12 | 2021-10-18 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | An issue was discovered in gpac 0.8.0. An invalid memory dereference exists in the function FixTrackID located in isom_intern.c, which allows attackers to cause a denial of service (DoS) via a crafted input. |
| 1639 | CVE-2020-22673 | 401 | | DoS | 2021-10-12 | 2021-10-18 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input. |
| 1640 | CVE-2020-22617 | 416 | | | 2021-10-08 | 2021-10-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext. |
| 1641 | CVE-2020-22312 | 79 | | XSS | 2021-10-28 | 2021-11-01 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A cross-site scripting (XSS) vulnerability was discovered in the OJ/admin-tool /cal_scores.php function of HZNUOJ v1.0. |
| 1642 | CVE-2020-22079 | 787 | | Exec Code Overflow | 2021-10-29 | 2021-11-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg. |
| 1643 | CVE-2020-21865 | | | Exec Code | 2021-10-07 | 2021-10-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerability in the component /public/?s=captcha. |
| 1644 | CVE-2020-21729 | 79 | | XSS | 2021-10-07 | 2021-10-14 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | JEECMS x1.1 contains a stored cross-site scripting (XSS) vulnerability in the component /member-vipcenter.htm, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| 1645 | CVE-2020-21726 | 89 | | Sql | 2021-10-07 | 2021-10-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the cid parameter. |
| 1646 | CVE-2020-21725 | 89 | | Sql | 2021-10-07 | 2021-10-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter. |
| 1647 | CVE-2020-21658 | 352 | | CSRF | 2021-10-06 | 2021-10-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A Cross-Site Request Forgery (CSRF) in WDJA CMS v1.5.2 allows attackers to arbitrarily add administrator accounts via a crafted URL. |
| 1648 | CVE-2020-21656 | 79 | | XSS | 2021-10-06 | 2021-10-14 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability in the component xyhai.php?s=/Link/index. |
| 1649 | CVE-2020-21654 | | | | 2021-10-06 | 2021-10-15 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | emlog v6.0 contains a vulnerability in the component admin\template.php, which allows attackers to getshell via a crafted Zip file. |
| 1650 | CVE-2020-21653 | 918 | | | 2021-10-06 | 2021-10-15 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sj() method. |
Total number of vulnerabilities: 1708 (page 33 of 35)