5.1
CVE-2021-47808 - Cotonti Siena 0.9.19 - 'maintitle' Stored Cross-Site Scripting
Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page.
8.5
CVE-2021-47807 - Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path
Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries located in 'Program Files' directories to inject malicious executabβ¦
8.5
CVE-2021-47806 - Dup Scout 13.5.28 - 'Multiple' Unquoted Service Path
Dup Scout 13.5.28 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Dup Scout Server\bin\dupscts.exe' to inject malicious executables anβ¦
8.5
CVE-2021-47805 - Disk Savvy 13.6.14 - 'Multiple' Unquoted Service Path
Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries to inject malicious executables that will be run with elevated Localβ¦
8.5
CVE-2021-47804 - Wise Care 365 5.6.7.568 - 'WiseBootAssistant' Unquoted Service Path
Wise Care 365 5.6.7.568 contains an unquoted service path vulnerability in the WiseBootAssistant service running with LocalSystem privileges. Attackers can exploit this by inserting a malicious executable in the service path, which will execute with elevated system privileges when the service restaβ¦
8.5
CVE-2021-47803 - iFunbox 4.2 - 'Apple Mobile Device Service' Unquoted Service Path
iFunbox 4.2 contains an unquoted service path vulnerability in the Apple Mobile Device Service that allows local attackers to execute code with elevated privileges. Attackers can insert a malicious executable into the unquoted service path to run with LocalSystem privileges when the service restartβ¦
8.8
CVE-2021-47801 - Vianeos OctoPUS 5 - 'login_user' SQLi
Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'login_user' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious POST requests with specially constructed SQL payloads that trigger database sleep functions to extraβ¦
6.9
CVE-2021-47800 - b2evolution 7.2.2 - 'edit account details' Cross-Site Request Forgery (CSRF)
b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modify admin account details without authentication. Attackers can craft a malicious HTML form to submit unauthorized changes to user profiles by tricking victims into loading a specially crafted webpage.
6.7
CVE-2021-47798 - NoteBurner 2.35 - Denial Of Service (DoS) (PoC)
NoteBurner 2.35 contains a buffer overflow vulnerability in the license code input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the 'Name' and 'Code' fields to trigger an application crash.
6.7
CVE-2021-47797 - Leawo Prof. Media 11.0.0.1 - Denial of Service (DoS) (PoC)
Leawo Prof. Media 11.0.0.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized payload in the activation keycode field. Attackers can generate a 6000-byte buffer of repeated characters to trigger an application crash when pasted into tβ¦