CVE-2021-34244
A cross site request forgery (CSRF) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to create new admin accounts or change users’ passwords.
Source: CVE-2021-34244
[월:] 2021년 06월
CVE-2021-35046
CVE-2021-35046
A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie.
Source: CVE-2021-35046
CVE-2021-35045
CVE-2021-35045
Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows attackers to execute arbitrary code via the parameters to the /app/ endpoint.
Source: CVE-2021-35045
CVE-2021-34243
CVE-2021-34243
A stored cross site scripting (XSS) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of the crafted file.
Source: CVE-2021-34243
CVE-2010-4816
CVE-2010-4816
It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service.
Source: CVE-2010-4816
CVE-2010-4264
CVE-2010-4264
It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side.
Source: CVE-2010-4264
CVE-2010-4266
CVE-2010-4266
It was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher.
Source: CVE-2010-4266
CVE-2010-3446
CVE-2010-3446
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Source: CVE-2010-3446
CVE-2021-0551
CVE-2021-0551
In bind of MediaControlPanel.java, there is a possible way to lock up the system UI using a malicious media file due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-180518039
Source: CVE-2021-0551
CVE-2021-0550
CVE-2021-0550
In onLoadFailed of AnnotateActivity.java, there is a possible way to gain WRITE_EXTERNAL_STORAGE permissions without user consent due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179688673
Source: CVE-2021-0550