6.8
CVE-2021-47771 - RDP Manager 4.9.9.3 - Denial-of-Service (PoC)
RDP Manager 4.9.9.3 contains a denial of service vulnerability in connection input fields that allows local attackers to crash the application. Attackers can add oversized entries in Verbindungsname and Server fields to permanently freeze and crash the software, potentially requiring full reinstallβ¦
5.1
CVE-2021-47769 - Isshue Shopping Cart 3.5 - 'Title' Cross Site Scripting (XSS)
Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent phβ¦
5.3
CVE-2021-47768 - ImportExportTools NG 10.0.4 - HTML Injection
ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with crafted HTML in the subject that execute during HTML export, potentially compromising user data orβ¦
8.5
CVE-2021-47767 - 10-Strike Network Inventory Explorer Pro 9.31 - 'srvInventoryWebServer' Unquoted Service Path
10-Strike Network Inventory Explorer Pro 9.31 contains an unquoted service path vulnerability in the srvInventoryWebServer service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path segments to achieve privilege escalationβ¦
7.1
CVE-2021-47766 - Kmaleon 1.1.0.205 - 'tipocomb' SQL Injection (Authenticated)
Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerability in the 'tipocomb' parameter of kmaleonW.php that allows attackers to manipulate database queries. Attackers can exploit this vulnerability using boolean-based, error-based, and time-based blind SQL injection techniques to potenβ¦
6.7
CVE-2021-47765 - AbsoluteTelnet 11.24 - 'Username' Denial of Service (PoC)
AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating username and error report fields. Attackers can trigger the crash by inserting 1000 characters into the username or email address fields, causing the application to bβ¦
6.7
CVE-2021-47764 - AbsoluteTelnet 11.24 - 'Phone' Denial of Service (PoC)
AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating DialUp connection and license name fields. Attackers can generate a 1000-character payload and paste it into specific input fields to trigger application crashes and β¦
8.8
CVE-2021-47763 - Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection
Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint.
8.5
CVE-2021-47762 - HTTPDebuggerPro 9.11 - Unquoted Service Path
HTTPDebuggerPro 9.11 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables and gain elevated accesβ¦
8.5
CVE-2021-47761 - MilleGPG5 5.7.2 Luglio 2021 (x64) - Local Privilege Escalation
MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with a malicious executable, which will execute with system privileges when the computer restarts.