Security Vulnerabilities - CVEs Published In October 2021
A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. The only affected versions are 10.9.000032 through 11.0.000006.
CVSS Score
6.5
EPSS Score
0.004
Published
2021-10-01
Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.
CVSS Score
9.8
EPSS Score
0.152
Published
2021-10-01
emlog v6.0.0 contains a SQL injection via /admin/comment.php.
CVSS Score
7.2
EPSS Score
0.003
Published
2021-10-01
emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php.
CVSS Score
6.5
EPSS Score
0.003
Published
2021-10-01
Coreip.dll in Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file.
CVSS Score
7.8
EPSS Score
0.014
Published
2021-10-01
Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file.
CVSS Score
7.8
EPSS Score
0.014
Published
2021-10-01
Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/access/entity/types/group_combination.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the cID parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-10-01
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-10-01
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-10-01
Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allows remote attackers to inject arbitrary web script or HTML via the challenge parameter.
CVSS Score
6.1
EPSS Score
0.144
Published
2021-10-01