8.5
CVE-2021-47804 - Wise Care 365 5.6.7.568 - 'WiseBootAssistant' Unquoted Service Path
Wise Care 365 5.6.7.568 contains an unquoted service path vulnerability in the WiseBootAssistant service running with LocalSystem privileges. Attackers can exploit this by inserting a malicious executable in the service path, which will execute with elevated system privileges when the service restaβ¦
8.5
CVE-2021-47803 - iFunbox 4.2 - 'Apple Mobile Device Service' Unquoted Service Path
iFunbox 4.2 contains an unquoted service path vulnerability in the Apple Mobile Device Service that allows local attackers to execute code with elevated privileges. Attackers can insert a malicious executable into the unquoted service path to run with LocalSystem privileges when the service restartβ¦
8.8
CVE-2021-47801 - Vianeos OctoPUS 5 - 'login_user' SQLi
Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'login_user' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious POST requests with specially constructed SQL payloads that trigger database sleep functions to extraβ¦
6.9
CVE-2021-47800 - b2evolution 7.2.2 - 'edit account details' Cross-Site Request Forgery (CSRF)
b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modify admin account details without authentication. Attackers can craft a malicious HTML form to submit unauthorized changes to user profiles by tricking victims into loading a specially crafted webpage.
6.7
CVE-2021-47798 - NoteBurner 2.35 - Denial Of Service (DoS) (PoC)
NoteBurner 2.35 contains a buffer overflow vulnerability in the license code input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the 'Name' and 'Code' fields to trigger an application crash.
6.7
CVE-2021-47797 - Leawo Prof. Media 11.0.0.1 - Denial of Service (DoS) (PoC)
Leawo Prof. Media 11.0.0.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized payload in the activation keycode field. Attackers can generate a 6000-byte buffer of repeated characters to trigger an application crash when pasted into tβ¦
9.3
CVE-2021-47796 - Denver Smart Wifi Camera SHC-150 - 'Telnet' Remote Code Execution (RCE)
Denver SHC-150 Smart Wifi Camera contains a hardcoded telnet credential vulnerability that allows unauthenticated attackers to access a Linux shell. Attackers can connect to port 23 using the default credential to execute arbitrary commands on the camera's operating system.
8.7
CVE-2021-47795 - GeoVision Geowebserver 5.3.3 - Local FIle Inclusion
GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploit the WebStrings.srf endpoint by manipulating path traversal and injection parameters to access sysβ¦
8.7
CVE-2021-47794 - ZesleCP 3.1.9 - Remote Code Execution (RCE) (Authenticated)
ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. Attackers can exploit the FTP account creation endpoint by injecting a reverse shell command that establishes a network connection to a sβ¦
4.6
CVE-2021-47793 - Telegram Desktop 2.9.2 - Denial of Service (PoC)
Telegram Desktop 2.9.2 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized message payload. Attackers can generate a 9 million byte buffer and paste it into the messaging interface to trigger an application crash.