CVE-2021-41566

The TadTools file upload function fails to filter file extensions, so remote attackers can upload any type of file and execute arbitrary code without logging in. (CVSS:0.0) (Last Update:2021-10-08)

October 7th, 2021 | Code Execution

CVE-2021-41919

webTareas version 2.4 and earlier allows an authenticated user to upload arbitrary, potentially unsafe files without restrictions. This works by adding or replacing a personal profile picture. The affected endpoint is /includes/upload.php on the HTTP POST data. This allows an attacker to exploit the platform by injecting code or malware and, under certain conditions, to execute code on remote user browsers. (CVSS:0.0) (Last Update:2021-10-08)

October 7th, 2021 | Code Execution

CVE-2021-37928

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. (CVSS:0.0) (Last Update:2021-10-07)

October 6th, 2021 | Code Execution

CVE-2021-37929

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. (CVSS:0.0) (Last Update:2021-10-07)

October 6th, 2021 | Code Execution

CVE-2021-37930

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. (CVSS:0.0) (Last Update:2021-10-07)

October 6th, 2021 | Code Execution

CVE-2021-37931

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. (CVSS:0.0) (Last Update:2021-10-07)

October 6th, 2021 | Code Execution

CVE-2021-40725

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm listbox that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. (CVSS:0.0) (Last Update:2021-10-07)

October 6th, 2021 | Code Execution

CVE-2021-40726

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm field that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. (CVSS:0.0) (Last Update:2021-10-07)

October 6th, 2021 | Code Execution

CVE-2021-42013

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions. (CVSS:0.0) (Last Update:2021-10-07)

October 6th, 2021 | Code Execution

CVE-2021-42071

In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header. (CVSS:0.0) (Last Update:2021-10-07)

October 6th, 2021 | Code Execution