Skip to main content
CVE-2021-41729 CRITICAL POC Act Now

BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerability, which allows an attacker to delete arbitrary files on the server through /user/ppsave.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Baicloud Cms
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-33583 CRITICAL Act Now

REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Timecard
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-41288 CRITICAL Act Now

Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Opmanager
NVD
CVSS 3.1
9.8
EPSS
79.6%
CVE-2021-20578 CRITICAL PATCH Act Now

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Cloud Pak For Security
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-41301 CRITICAL Act Now

ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Authentication Bypass Ecs Router Controller Ecs Firmware Riskbuster Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-41300 CRITICAL Act Now

ECOA BAS controller’s special page displays user account and passwords in plain text, thus unauthenticated attackers can access the page and obtain privilege with full functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ecs Router Controller Ecs Firmware Riskbuster Firmware Riskterminator
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-41299 CRITICAL Act Now

ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ecs Router Controller Ecs Firmware Riskbuster Firmware Riskterminator
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-41296 CRITICAL Act Now

ECOA BAS controller uses weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Ecs Router Controller Ecs Firmware Riskbuster Firmware Riskterminator
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-41290 CRITICAL Act Now

ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal File Upload Ecs Router Controller Ecs Firmware Riskbuster Firmware +1
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-41616 CRITICAL Act Now

Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Java Ddlutils
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-41294 CRITICAL Act Now

ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files deletion. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Path Traversal Ecs Router Controller Ecs Firmware Riskbuster Firmware Riskterminator
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-41292 CRITICAL Act Now

ECOA BAS controller suffers from an authentication bypass vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ecs Router Controller Ecs Firmware Riskbuster Firmware Riskterminator
NVD
CVSS 3.1
9.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy