8.5
CVE-2021-47799 - Visual Tools DVR VX16 4.2.28 - Local Privilege Escalation
Visual Tools DVR VX16 version 4.2.28 contains a local privilege escalation vulnerability in its Sudo configuration that allows attackers to gain root access. Attackers can exploit the unsafe Sudo settings by using mount commands to bind a shell, enabling unauthorized system-level privileges.
6.7
CVE-2021-47784 - Cyberfox Web Browser 52.9.1 - Denial of Service (PoC)
Cyberfox Web Browser 52.9.1 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the search bar with excessive data. Attackers can generate a 9,000,000 byte payload and paste it into the search bar to trigger an application crash.
6.7
CVE-2021-47781 - Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial of Service (PoC)
Cmder Console Emulator 1.3.18 contains a buffer overflow vulnerability that allows attackers to trigger a denial of service condition through a maliciously crafted .cmd file. Attackers can create a specially constructed .cmd file with repeated characters to overwhelm the console emulator's buffer aโฆ
8.8
CVE-2021-47777 - Build Smart ERP 21.0817 - 'eidValue' SQL Injection (Unauthenticated)
Build Smart ERP 21.0817 contains an unauthenticated SQL injection vulnerability in the 'eidValue' parameter of the login validation endpoint. Attackers can inject stacked SQL queries using payloads like ';WAITFOR DELAY '0:0:3'-- to manipulate database queries and potentially extract or modify databโฆ
6.9
CVE-2021-47776 - Umbraco v8.14.1 - 'baseUrl' SSRF
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and GetRemoteDashboardโฆ
8.4
CVE-2021-47775 - YouTube Video Grabber 1.9.9.1 - Buffer Overflow (SEH)
YouTube Video Grabber, now referred to as YouTube Downloader, 1.9.9.1 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attackers can craft a malicious payload of 712 bytes with SEH manipulation to trigger a binโฆ
8.4
CVE-2021-47774 - Kingdia CD Extractor 3.0.2 - Buffer Overflow (SEH)
Kingdia CD Extractor 3.0.2 contains a buffer overflow vulnerability in the registration name field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload exceeding 256 bytes to overwrite Structured Exception Handler and gain remote code execution through a bind sheโฆ
8.5
CVE-2021-47773 - Dynojet Power Core 2.3.0 - Unquoted Service Path
Dynojet Power Core 2.3.0 contains an unquoted service path vulnerability in the DJ.UpdateService that allows local authenticated users to potentially execute code with elevated privileges. Attackers can exploit the unquoted binary path by placing malicious executables in the service's file path to โฆ
8.4
CVE-2021-47772 - 10-Strike Network Inventory Explorer Pro 9.31 - Buffer Overflow (SEH)
10-Strike Network Inventory Explorer Pro 9.31 contains a buffer overflow vulnerability in the text file import functionality that allows remote code execution. Attackers can craft a malicious text file with carefully constructed payload to trigger a reverse shell and execute arbitrary code on the tโฆ
6.8
CVE-2021-47771 - RDP Manager 4.9.9.3 - Denial-of-Service (PoC)
RDP Manager 4.9.9.3 contains a denial of service vulnerability in connection input fields that allows local attackers to crash the application. Attackers can add oversized entries in Verbindungsname and Server fields to permanently freeze and crash the software, potentially requiring full reinstallโฆ