CVE-2021-36351
SQL Injection Vulnerability in Care2x Open Source Hospital Information Management 2.7 Alpha via the (1) pday, (2) pmonth, and (3) pyear parameters in GET requests sent to /modules/nursing/nursing-station.php.
Source: CVE-2021-36351
CVE-2021-36705
In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the adm.cgi binary, accessible with a page parameter value of TR069, contains a trivial command injection where the value of the TR069_local_port parameter is passed directly to system.
Source: CVE-2021-36705
CVE-2021-36706
In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the adm.cgi binary, accessible with a page parameter value of sysCMD, contains a trivial command injection where the value of the command parameter is passed directly to system.
Source: CVE-2021-36706
CVE-2021-36708
In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router.
Source: CVE-2021-36708
CVE-2020-22330
Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page.
Source: CVE-2020-22330
CVE-2021-37381
Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access other users’ private information, such as photos, through CSRF. For example, any student’s photo information can be accessed through /gmis/(S([1]))/student/grgl/PotoImageShow/?bh=[2]. Here, the code in [1] is a random string generated according to the user’s login-related information. It can protect the user’s identity, but it cannot effectively prevent unauthorized access. The code in [2] is the student number of any student. The attacker can carry out a CSRF attack on the system by modifying [2] without modifying [1].
Source: CVE-2021-37381
CVE-2021-22295
A component of the HarmonyOS has a permission bypass vulnerability. Local attackers may exploit this vulnerability to cause the device to hang due to the page error OsVmPageFaultHandler.
Source: CVE-2021-22295
CVE-2021-38151
index.php/appointment/todos in Chikitsa Patient Management System 2.0.0 allows XSS.
Source: CVE-2021-38151
CVE-2021-37388
A buffer overflow exists in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in a ping_response.cgi POST request allows an attacker to crash the webserver and might even allow remote code execution.
Source: CVE-2021-37388
CVE-2021-38152
index.php/appointment/insert_patient_add_appointment in Chikitsa Patient Management System 2.0.0 allows XSS.
Source: CVE-2021-38152