7
CVE-2021-47872 - SEO Panel < 4.9.0 - 'order_col' Blind SQL Injection
SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'order_col' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by injec…
8.6
CVE-2021-47871 - Hestia Control Panel 1.3.2 - Arbitrary File Write
Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the se…
8.5
CVE-2021-47869 - BRAdmin Professional 3.75 - 'BRA_Scheduler' Unquoted Service Path
Brother BRAdmin Professional 3.75 contains an unquoted service path vulnerability in the BRA_Scheduler service that allows local users to potentially execute arbitrary code. Attackers can place a malicious executable named 'BRAdmin' in the C:\Program Files (x86)\Brother\ directory to gain local sys…
8.5
CVE-2021-47868 - WIN-PACK PRO 4.8 - 'WPCommandFileService' Unquoted Service Path
WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the WPCommandFileService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files <x86>\WINPAKPRO\WPCommandFileService Service.exe to inject malicious…
8.5
CVE-2021-47867 - WIN-PACK PRO 4.8 - 'ScheduleService' Unquoted Service Path
WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the ScheduleService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files <x86>\WINPAKPRO\ScheduleService Service.exe' to inject malicious c…
8.5
CVE-2021-47866 - WIN-PACK PRO 4.8 - 'GuardTourService' Unquoted Service Path
WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the GuardTourService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files <x86>\WINPAKPRO\WP GuardTour Service.exe to inject malicious code…
8.7
CVE-2021-47865 - ProFTPD 1.3.7a - Remote Denial of Service
ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access.
8.5
CVE-2021-47864 - OSAS Traverse Extension 11 - 'travextensionhostsvc' Unquoted Service Path
OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject and execute malicious code by placing executable files in the service's path, potentially gaining ele…
8.5
CVE-2021-47863 - MacPaw Encrypto 1.0.1 - 'Encrypto Service' Unquoted Service Path
MacPaw Encrypto 1.0.1 contains an unquoted service path vulnerability in its Encrypto Service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Encrypto\ to inject malicious executables and escalate privilege…
8.5
CVE-2021-47862 - Hi-Rez Studios 5.1.6.3 - 'HiPatchService' Unquoted Service Path
Hi-Rez Studios 5.1.6.3 contains an unquoted service path vulnerability in the HiPatchService that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem permiss…