CVE-2021-40881

An issue in the BAT file parameters of PublicCMS v4.0 allows attackers to execute arbitrary code.

Source: CVE-2021-40881

CVE-2021-33044

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

Source: CVE-2021-33044

CVE-2021-33045

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

Source: CVE-2021-33045

CVE-2021-40639

Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js.

Source: CVE-2021-40639

CVE-2020-21483

An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file.

Source: CVE-2020-21483

CVE-2020-21482

A cross-site scripting (XSS) vulnerability in RGCMS v1.06 allows attackers to obtain the administrator’s cookie via a crafted payload in the Name field under the Message Board module

Source: CVE-2020-21482

CVE-2020-21481

An arbitrary file upload vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted .txt file which is later changed to a PHP file.

Source: CVE-2020-21481

CVE-2020-21480

An arbitrary file write vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted PHP file.

Source: CVE-2020-21480

CVE-2020-21322

An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below allows attackers to execute arbitrary code via a crafted PHP file.

Source: CVE-2020-21322

CVE-2020-21321

emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/link.php?action=addlink, which allows attackers to arbitrarily add articles.

Source: CVE-2020-21321