Remotely alerts

CVE-2021-24675

on Oct. 20, 2021, 10:18 p.m.

The One User Avatar WordPress plugin before 2.3.7 does not check for CSRF when updating the avatar on pages where the [avatar_upload] shortcode is embedded. As a result, attackers could make a logged-in user change their avatar via a CSRF attack.

Tags: Exploit, Third Party Advisory

CVE-2021-24672

on Oct. 20, 2021, 10:18 p.m.

The One User Avatar WordPress plugin before 2.3.7 does not escape the link and target attributes of its shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks

Tags: Exploit, Third Party Advisory

CVE-2021-3858

on Oct. 20, 2021, 10:14 p.m.

snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-33988

on Oct. 20, 2021, 10:13 p.m.

A Cross-Site Scripting (XSS) vulnerability exists in Microweber CMS 1.2.7 via the login form, which could let a malicious user execute JavaScript by inserting code in the request form.

Tags: Exploit, Third Party Advisory

CVE-2021-24754

on Oct. 21, 2021, 5:17 p.m.

The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue

Tags: Exploit, Third Party Advisory

CVE-2021-24760

on Oct. 21, 2021, 5:11 p.m.

The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 does not sanitise and escape its block, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.

Tags: Exploit, Third Party Advisory

CVE-2021-42566

on Oct. 21, 2021, 4:49 p.m.

myfactory.FMS before 7.1-912 allows XSS via the Error parameter.

Tags: Exploit, Third Party Advisory

CVE-2021-42565

on Oct. 21, 2021, 4:46 p.m.

myfactory.FMS before 7.1-912 allows XSS via the UID parameter.

Tags: Exploit, Third Party Advisory

CVE-2018-16061

on Oct. 21, 2021, 4:29 p.m.

Mitsubishi Electric SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php.

Tags: Exploit, Third Party Advisory

CVE-2021-24651

on July 29, 2022, 10:15 a.m.

The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as password hash.

Tags: Exploit, Third Party Advisory

CVE-2021-24683

on July 29, 2022, 10:15 a.m.

The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and does not validate or escape them, which could lead to a Stored Cross-Site Scripting issue.

Tags: Exploit, Third Party Advisory

CVE-2021-40618

on Oct. 19, 2021, 12:33 p.m.

An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_CONT_PSWD parameters in HoldAddressFields.php.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-40292

on Oct. 19, 2021, 12:22 p.m.

A Stored Cross-Site Scripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-21941

on Oct. 19, 2021, 12:10 p.m.

A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to remote code execution.

Tags: Exploit, Third Party Advisory

CVE-2020-25651

on Oct. 19, 2021, 12:08 p.m.

A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest …

Tags: Exploit, Mailing List, Third Party Advisory

CVE-2020-25689

on Oct. 19, 2021, 12:06 p.m.

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of …

Tags: Exploit, Issue Tracking, Patch, Vendor Advisory

CVE-2021-21940

on Oct. 19, 2021, 12:04 p.m.

A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted network packet can lead to a heap buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.

Tags: Exploit, Third Party Advisory

CVE-2021-41117

on Oct. 19, 2021, 2:19 a.m.

keypair is an RSA PEM key generator written in JavaScript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This would mean that the library is generating identical …

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-40239

on Oct. 19, 2021, 2:15 a.m.

A Buffer Overflow vulnerability exists in the latest version of Miniftpd in the do_retr function in ftpproto.c

Tags: Exploit, Third Party Advisory

CVE-2021-40617

on Oct. 19, 2021, 2 a.m.

An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.

Tags: Exploit, Issue Tracking, Mitigation, Third Party Advisory

CVE-2021-42260

on May 1, 2022, 1:15 a.m.

TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.

Tags: Exploit, Third Party Advisory, Issue Tracking

CVE-2021-23448

on Oct. 19, 2021, 1:24 a.m.

All versions of package config-handler are vulnerable to Prototype Pollution when loading config files.

Tags: Exploit, Third Party Advisory

CVE-2021-40189

on Oct. 19, 2021, 1:09 a.m.

PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes/{Theme Folder}", where an attacker can access and execute arbitrary code.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-40496

on Nov. 28, 2021, 11:37 p.m.

SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability …

Tags: Vendor Advisory, Exploit, Third Party Advisory

CVE-2020-22673

on Oct. 18, 2021, 8:23 p.m.

Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.

Tags: Exploit, Patch, Third Party Advisory

CVE-2020-22679

on Oct. 18, 2021, 8:22 p.m.

Memory leak in the sgpd_parse_entry function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.

Tags: Exploit, Patch, Third Party Advisory

CVE-2020-28145

on Oct. 18, 2021, 7:54 p.m.

Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2020-27372

on Oct. 18, 2021, 7:41 p.m.

A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function.

Tags: Exploit, Third Party Advisory

CVE-2021-22263

on Oct. 18, 2021, 7:37 p.m.

An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with 'external' status which is granted 'Maintainer' role on any project on the GitLab instance where 'project tokens' are allowed may elevate its …

Tags: Exploit, Third Party Advisory

CVE-2021-38344

on July 5, 2022, 3:03 p.m.

The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as subscribers. It was possible to add malicious JavaScript to a page by modifying the request sent to update the page via the brizy_update_item AJAX action and adding JavaScript to the data parameter, which would be …

Tags: Exploit, Third Party Advisory

CVE-2021-20121

on Oct. 18, 2021, 6:44 p.m.

The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is vulnerable to an authenticated arbitrary file read. An authenticated user with physical access to the device can read arbitrary files from the device by preparing and connecting a specially prepared USB drive to the device, and making a series of crafted requests to the device's …

Tags: Exploit, Third Party Advisory

CVE-2021-20122

on Oct. 18, 2021, 6:39 p.m.

The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69_cmd.cgi. A remote attacker connected to the router's LAN and authenticated with a super user account, or using a bypass authentication vulnerability like CVE-2021-20090 could leverage this issue to run commands or gain …

Tags: Exploit, Third Party Advisory

CVE-2021-40188

on Oct. 18, 2021, 6:21 p.m.

PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-3330

on Oct. 18, 2021, 6:17 p.m.

RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions >= 2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-3323

on Oct. 18, 2021, 6:05 p.m.

Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= 2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-3322

on Oct. 18, 2021, 6:05 p.m.

Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions >= 2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-24576

on Oct. 18, 2021, 5:57 p.m.

The Easy Accordion WordPress plugin before 2.0.22 does not properly sanitize inputs when adding new items to an accordion.

Tags: Exploit, Third Party Advisory

CVE-2021-3321

on Oct. 18, 2021, 5:52 p.m.

Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= 2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-23440

on Nov. 3, 2021, 8:29 p.m.

This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.

Tags: Exploit, Third Party Advisory

CVE-2020-22678

on Oct. 18, 2021, 4:21 p.m.

An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_emulation_bytes function in av_parsers.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.

Tags: Exploit, Patch, Third Party Advisory

CVE-2020-22677

on Oct. 18, 2021, 4:20 p.m.

An issue was discovered in gpac 0.8.0. The dump_data_hex function in box_dump.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.

Tags: Exploit, Patch, Third Party Advisory

CVE-2020-22675

on Oct. 18, 2021, 4:19 p.m.

An issue was discovered in gpac 0.8.0. The GetGhostNum function in stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.

Tags: Exploit, Patch, Third Party Advisory

CVE-2020-22674

on Oct. 18, 2021, 4:19 p.m.

An issue was discovered in gpac 0.8.0. An invalid memory dereference exists in the function FixTrackID located in isom_intern.c, which allows attackers to cause a denial of service (DoS) via a crafted input.

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-35067

on Oct. 18, 2021, 3:52 p.m.

Meross MSG100 devices before 3.2.3 allow an attacker to replay the same data or similar data (e.g., an attacker who sniffs a Close message can transmit an acceptable Open message).

Tags: Exploit, Third Party Advisory

CVE-2021-39537

on Nov. 30, 2021, 10:42 p.m.

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

Tags: Exploit, Mailing List, Vendor Advisory

CVE-2021-40191

on Oct. 18, 2021, 1:50 p.m.

Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-28966

on Oct. 18, 2021, 12:56 p.m.

In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.

Tags: Exploit, Issue Tracking, Patch, Third Party Advisory

CVE-2021-32786

on May 10, 2022, 6:02 p.m.

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the same way as most browsers do. As a result, this function can be bypassed and leads to an …

Tags: Exploit, Third Party Advisory

CVE-2021-40543

on Oct. 18, 2021, 12:54 p.m.

Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET['usrid'] and $_GET['prof_id'] in the PasswordCheck.php file.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-40542

on Oct. 18, 2021, 12:46 p.m.

Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2020-5811

on Oct. 18, 2021, 12:41 p.m.

An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package.

Tags: Exploit, Third Party Advisory

CVE-2021-21834

on Oct. 18, 2021, 12:30 p.m.

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom for the “co64” FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can …

Tags: Exploit, Third Party Advisory

CVE-2021-29005

on Oct. 18, 2021, 12:27 p.m.

Insecure permission of the chmod command exists on rConfig server 3.9.6. After installing rConfig, the apache user may execute chmod as root without a password, which may let an attacker with low privileges gain root access on the server.

Tags: Exploit, Third Party Advisory

CVE-2021-21837

on May 31, 2022, 7:01 p.m.

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2021-21861

on May 31, 2022, 6:59 p.m.

An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the 'hdlr' FOURCC code, a specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open …

Tags: Exploit, Third Party Advisory

CVE-2021-21860

on Oct. 18, 2021, 12:25 p.m.

An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. The FOURCC code, 'trik', is parsed by the function within the library. An attacker …

Tags: Exploit, Third Party Advisory

CVE-2021-21859

on Oct. 18, 2021, 12:23 p.m.

An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The stri_box_read function is used when processing atoms using the 'stri' FOURCC code. An attacker can convince a user to open a video to trigger this vulnerability.

Tags: Exploit, Third Party Advisory

CVE-2021-38699

on Oct. 18, 2021, 12:23 p.m.

TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashboard, and /admin/system_logs.

Tags: Exploit, Third Party Advisory

CVE-2021-36159

on Oct. 18, 2021, 12:19 p.m.

libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop …

Tags: Exploit, Third Party Advisory

CVE-2021-33195

on Oct. 18, 2021, 12:19 p.m.

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-24400

on Oct. 18, 2021, 12:13 p.m.

The Edit Role functionality in the Display Users WordPress plugin through 2.0.0 had an `id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.

Tags: Exploit, Third Party Advisory

CVE-2021-40888

on Oct. 18, 2021, 12:12 p.m.

Projectsend version r1295 is affected by Cross-Site Scripting (XSS) due to a lack of sanitization when echoing output data in the returnFilesIds() function. A low-privilege user can call this function through the process.php file and execute scripting code.

Tags: Third Party Advisory, Patch, Vendor Advisory, Exploit

CVE-2021-40887

on Oct. 18, 2021, 12:10 p.m.

Projectsend version r1295 is affected by a directory traversal vulnerability. Because input for the files[] parameter is not sanitized, an attacker can add ../ to move all PHP files or any file on the system that has permissions to the /upload/files/ folder.

Tags: Exploit, Third Party Advisory

CVE-2021-24286

on Oct. 18, 2021, 12:06 p.m.

The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue

Tags: Exploit, Third Party Advisory

CVE-2021-24276

on Oct. 18, 2021, 12:06 p.m.

The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue

Tags: Exploit, Third Party Advisory

CVE-2021-24275

on Oct. 18, 2021, 12:06 p.m.

The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue

Tags: Exploit, Third Party Advisory

CVE-2021-24176

on Oct. 18, 2021, 12:06 p.m.

The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard.

Tags: Exploit, Third Party Advisory

CVE-2020-25901

on Oct. 18, 2021, 12:06 p.m.

Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.

Tags: Exploit, Third Party Advisory

CVE-2019-18413

on Dec. 7, 2021, 8:39 p.m.

In TypeStack class-validator 0.10.2, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not documented and thus most developers configure input validation in the vulnerable …

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2018-17207

on Oct. 18, 2021, 12:03 p.m.

An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution.

Tags: Exploit, Third Party Advisory

CVE-2018-0315

on June 2, 2022, 5:27 p.m.

A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect memory operations that the …

Tags: Vendor Advisory, Exploit, Third Party Advisory, VDB Entry

CVE-2021-24678

on Oct. 18, 2021, 11:58 a.m.

The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape some glossary_tooltip shortcode attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.

Tags: Exploit, Third Party Advisory

CVE-2021-36621

on Oct. 18, 2021, 11:56 a.m.

Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successfully dumping the admin password hash, an attacker can decrypt and obtain the plain-text password. Hence, the attacker could authenticate as Administrator.

Tags: Exploit, Third Party Advisory, VDB Entry

CVE-2021-37576

on Oct. 18, 2021, 11:55 a.m.

arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.

Tags: Exploit, Mailing List, Patch, Vendor Advisory

CVE-2021-34370

on Oct. 18, 2021, 11:52 a.m.

** DISPUTED ** Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states "there are configurable security flags and we are unable to reproduce them with the available information."

Tags: Exploit, Third Party Advisory

CVE-2021-24287

on Oct. 18, 2021, 11:51 a.m.

The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue

Tags: Exploit, Third Party Advisory

CVE-2021-3612

on Dec. 17, 2021, 1:15 a.m.

An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as …

Tags: Exploit, Mailing List, Patch, Vendor Advisory

CVE-2021-38198

on Dec. 17, 2021, 1:15 a.m.

arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault.

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-22543

on April 1, 2022, 6:45 p.m.

An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result …

Tags: Exploit, Third Party Advisory

CVE-2021-39317

on Feb. 19, 2022, 4:43 a.m.

A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. The complete list of affected products and their versions are below: …

Tags: Exploit, Third Party Advisory

CVE-2021-40886

on Oct. 16, 2021, 12:56 a.m.

Projectsend version r1295 is affected by a directory traversal vulnerability. A user with Uploader role can add value `2` for `chunks` parameter to bypass `fileName` sanitization.

Tags: Exploit, Third Party Advisory

CVE-2021-40884

on Oct. 16, 2021, 12:49 a.m.

Projectsend version r1295 is affected by sensitive information disclosure. Because authorization is not checked for the ids parameter in files-edit.php and the id parameter in the process.php function, a user with the uploader role can download and edit all files of users in the application.

Tags: Exploit, Third Party Advisory

CVE-2021-37976

on Feb. 19, 2022, 4:44 a.m.

Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Tags: Release Notes, Vendor Advisory, Issue Tracking, Exploit, Broken Link, Patch, Third Party Advisory, VDB Entry

CVE-2021-40541

on Oct. 15, 2021, 8:32 p.m.

PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in the descript() function. An authenticated user can trigger XSS by appending "//" at the end of the text.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-41878

on Dec. 1, 2021, 3:10 p.m.

A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console and it is possible to insert a vulnerable malicious button.

Tags: Exploit, Third Party Advisory

CVE-2021-41798

on Nov. 26, 2021, 8:56 p.m.

MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page.

Tags: Exploit, Patch, Third Party Advisory

CVE-2020-21658

on Oct. 15, 2021, 5:48 p.m.

A Cross-Site Request Forgery (CSRF) in WDJA CMS v1.5.2 allows attackers to arbitrarily add administrator accounts via a crafted URL.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2020-21654

on Oct. 15, 2021, 5:31 p.m.

emlog v6.0 contains a vulnerability in the component admin\template.php, which allows attackers to getshell via a crafted Zip file.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-24712

on Oct. 15, 2021, 4:34 p.m.

The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars.

Tags: Exploit, Third Party Advisory

CVE-2021-24690

on Oct. 15, 2021, 4:33 p.m.

The Chained Quiz WordPress plugin before 1.2.7.2 does not properly sanitize or escape inputs in the plugin's settings.

Tags: Exploit, Third Party Advisory

CVE-2021-24545

on Oct. 15, 2021, 4:32 p.m.

The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitise the HTML allowed in the Bio of users, allowing them to use malicious JavaScript code, which will be executed when anyone visits a post in the frontend made by such a user. As a result, a user with a role as low as author could …

Tags: Exploit, Third Party Advisory

CVE-2021-24563

on Feb. 19, 2022, 4:44 a.m.

The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing an unauthenticated user to upload a malicious HTML file containing JavaScript, for example, which will be triggered when someone accesses the file directly.

Tags: Exploit, Third Party Advisory

CVE-2021-24546

on Oct. 15, 2021, 4:31 p.m.

The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low as contributor to execute arbitrary PHP code.

Tags: Exploit, Third Party Advisory

CVE-2021-24656

on Oct. 15, 2021, 4:29 p.m.

The Simple Social Media Share Buttons WordPress plugin before 3.2.4 does not escape the Share Title settings before outputting it in the frontend pages or posts (depending on the settings used), allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Tags: Exploit, Third Party Advisory

CVE-2021-24691

on Oct. 15, 2021, 4:27 p.m.

The Quiz And Survey Master WordPress plugin before 7.3.2 does not escape the Quiz Url Slug setting before outputting it in some pages, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Tags: Exploit, Third Party Advisory

CVE-2021-24709

on Oct. 15, 2021, 4:26 p.m.

The Weather Effect WordPress plugin before 1.3.6 does not properly validate and escape some of its settings (like *_size_leaf, *_flakes_leaf, *_speed) which could lead to Stored Cross-Site Scripting issues

Tags: Exploit, Third Party Advisory

CVE-2021-24737

on Oct. 15, 2021, 4:25 p.m.

The Comments – wpDiscuz WordPress plugin through 7.3.0 does not properly sanitise or escape the Follow and Unfollow messages before outputting them in the page, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Tags: Exploit, Third Party Advisory

CVE-2021-24711

on Oct. 15, 2021, 4:25 p.m.

The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks, and is vulnerable to a CSRF attack

Tags: Exploit, Third Party Advisory

CVE-2021-24681

on Oct. 15, 2021, 4:23 p.m.

The Duplicate Page WordPress plugin through 4.4.2 does not sanitise or escape the Duplicate Post Suffix settings before outputting it, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Tags: Exploit, Third Party Advisory

CVE-2021-24577

on Oct. 15, 2021, 4:23 p.m.

The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not properly sanitize inputs submitted by authenticated users when setting, adding or modifying coming soon or maintenance mode pages, leading to stored XSS.

Tags: Exploit, Third Party Advisory