Remotely alerts

CVE-2021-20825

on Oct. 18, 2021, 12:13 p.m.

Cross-site scripting vulnerability in List (order management) item change plug-in (for EC-CUBE 3.0 series) Ver.1.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors.

Tags:  Product

CVE-2021-35059

on Oct. 15, 2021, 8:30 p.m.

OpenWay WAY4 ACS before 1.2.278-2693 allows XSS via the /way4acs/enroll action parameter.

Tags:  Product, Vendor Advisory

CVE-2021-37608

on April 6, 2022, 3:12 p.m.

Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands. This issue affects Apache OFBiz version 17.12.07 and prior versions. Upgrade to at least 17.12.08 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12297.

Tags:  Patch, Product, Vendor Advisory

CVE-2019-15780

on April 18, 2022, 4:12 p.m.

The formidable plugin before 4.02.01 for WordPress has unsafe deserialization.

Tags:  Product, Third Party Advisory

CVE-2021-40683

on Oct. 12, 2021, 10:05 p.m.

In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution.

Tags:  Product, Vendor Advisory

CVE-2021-35504

on Oct. 12, 2021, 2:53 p.m.

Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary.

Tags:  Product

CVE-2021-35505

on Oct. 12, 2021, 2:52 p.m.

Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary.

Tags:  Product

CVE-2021-35506

on Oct. 8, 2021, 7:10 p.m.

Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action.

Tags:  Product

CVE-2021-35503

on Oct. 8, 2021, 6:45 p.m.

Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs.

Tags:  Product

CVE-2021-41381

on Nov. 30, 2021, 10:37 p.m.

Payara Micro Community 5.2021.6 and below allows Directory Traversal.

Tags:  Product, Vendor Advisory

CVE-2021-41647

on Oct. 8, 2021, 3:19 p.m.

An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php and retrieve sensitive database information, as well as add an administrative user.

Tags:  Product, Third Party Advisory

CVE-2021-41649

on Oct. 7, 2021, 6:33 p.m.

An unauthenticated SQL injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. User input sent in a POST request is not sanitized.

Tags:  Product

CVE-2021-40825

on Oct. 4, 2021, 4:07 p.m.

nLight ECLYPSE (nECY) system Controllers running software prior to 1.17.21245.754 contain a default key vulnerability. The nECY does not force a change to the key upon the initial configuration of an affected device. nECY system controllers utilize an encrypted channel to secure SensorView™ configuration and monitoring software and nECY to nECY communications. Impacted devices are …

Tags:  Product, Vendor Advisory

CVE-2021-39219

on Dec. 21, 2021, 2:09 p.m.

Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the `wasmtime` crate clearly marks which functions are safe and which are `unsafe`, guaranteeing that if consumers never use `unsafe` then it should not be possible to have memory unsafety …

Tags:  Product

CVE-2021-39218

on Dec. 10, 2021, 8:06 p.m.

Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses `externref`s in Wasmtime. To trigger this bug, Wasmtime needs to be running Wasm …

Tags:  Product, Third Party Advisory

CVE-2021-39216

on Dec. 21, 2021, 2:18 p.m.

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing `externref`s from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple `externref`s from the host to a Wasm instance at the same …

Tags:  Product

CVE-2021-30086

on Oct. 1, 2021, 1:56 p.m.

Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information.

Tags:  Product, Third Party Advisory

CVE-2021-37424

on Oct. 1, 2021, 1:44 a.m.

ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover.

Tags:  Product, Vendor Advisory

CVE-2021-37420

on March 18, 2022, 8:40 p.m.

Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing.

Tags:  Product, Vendor Advisory

CVE-2021-37419

on March 18, 2022, 8:43 p.m.

Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.

Tags:  Product

CVE-2021-41316

on Sept. 30, 2021, 6:23 p.m.

The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker (with permissions to add or edit jobs run by this utility) can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector.

Tags:  Product, Vendor Advisory

CVE-2021-28960

on Sept. 29, 2021, 4:30 p.m.

ManageEngine Desktop Central before build 10.0.683 allows Unauthenticated Remote Code Execution during communication with Notification Server.

Tags:  Product

CVE-2021-40875

on Sept. 29, 2021, 3:37 p.m.

Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The corresponding file paths can be tested, and in some cases, result …

Tags:  Product, Vendor Advisory

CVE-2021-40639

on Sept. 28, 2021, 3:33 p.m.

Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js.

Tags:  Product, Third Party Advisory

CVE-2021-35269

on Nov. 29, 2021, 9:17 p.m.

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is set up in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges.

Tags:  Product, Vendor Advisory

CVE-2021-35268

on Nov. 29, 2021, 9:20 p.m.

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges.

Tags:  Product, Vendor Advisory

CVE-2021-35267

on Nov. 29, 2021, 9:15 p.m.

In NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror, allowing for code execution or escalation of privileges when setuid-root.

Tags:  Product, Vendor Advisory, Release Notes

CVE-2021-35266

on Nov. 29, 2021, 9:16 p.m.

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution.

Tags:  Product, Vendor Advisory

CVE-2021-33289

on Nov. 29, 2021, 9:21 p.m.

In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.

Tags:  Product, Vendor Advisory

CVE-2021-33287

on Nov. 29, 2021, 9:16 p.m.

In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application.

Tags:  Product

CVE-2020-8232

on Sept. 23, 2021, 1:57 p.m.

An information disclosure vulnerability exists in EdgeMax EdgeSwitch firmware v1.9.0 that allowed read-only users to obtain unauthorized information through SNMP community pages.

Tags:  Product

CVE-2021-40214

on Sept. 22, 2021, 8:01 p.m.

Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component.

Tags:  Product

CVE-2021-38833

on Sept. 21, 2021, 6:42 p.m.

SQL injection vulnerability in PHPGurukul Apartment Visitors Management System (AVMS) v. 1.0 allows attackers to execute arbitrary SQL statements and to gain RCE.

Tags:  Product, Vendor Advisory

CVE-2021-29376

on Sept. 21, 2021, 5:48 p.m.

ircII before 20210314 allows remote attackers to cause a denial of service (segmentation fault and client crash, disconnecting the victim from an IRC server) via a crafted CTCP UTC message.

Tags:  Product, Vendor Advisory

CVE-2021-33286

on Nov. 29, 2021, 9:20 p.m.

In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.

Tags:  Product, Vendor Advisory

CVE-2021-37601

on Sept. 20, 2021, 12:22 p.m.

muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations.

Tags:  Exploit, Product

CVE-2021-39378

on Sept. 16, 2021, 3:48 p.m.

A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the NamesList.php str parameter.

Tags:  Product

CVE-2020-24558

on Sept. 16, 2021, 1:43 p.m.

A vulnerability in a Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order …

Tags:  Product, Vendor Advisory

CVE-2021-38698

on Sept. 15, 2021, 8:25 p.m.

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2.

Tags:  Product, Vendor Advisory

CVE-2020-26300

on Sept. 15, 2021, 2:50 p.m.

systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fixed in version 4.26.2 with a shell string sanitation fix.

Tags:  Product, Third Party Advisory

CVE-2021-29484

on Sept. 14, 2021, 6:47 p.m.

Ghost is a Node.js CMS. An unused endpoint added during the development of 4.0.0 has left sites vulnerable to untrusted users gaining access to Ghost Admin. Attackers can gain access by getting logged in users to click a link containing malicious code. Users do not need to enter credentials and may not know they've visited …

Tags:  Product, Third Party Advisory

CVE-2021-27198

on Sept. 14, 2021, 4:39 p.m.

An issue was discovered in Visualware MyConnection Server before v11.1a. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using a myspeed/sf?filename= URI. This application is written in Java and is thus cross-platform. The Windows installation runs as SYSTEM, which means that exploitation gives one Administrator privileges on the …

Tags:  Product, Vendor Advisory

CVE-2020-19201

on Sept. 14, 2021, 2:46 p.m.

A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGUI, on Netgate pfSense version 2.4.4-p2 and earlier. The page did not encode output from the filter reload process, and a stored XSS was possible via the descr (description) parameter on NAT rules.

Tags:  Product, Vendor Advisory

CVE-2021-25790

on Sept. 13, 2021, 2:45 p.m.

Multiple stored cross-site scripting (XSS) vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allow authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in all text fields except for Phone Number and Alternate Phone Number.

Tags:  Product

CVE-2021-31797

on Sept. 10, 2021, 5:04 p.m.

The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race condition, leading to password disclosure.

Tags:  Product

CVE-2021-31796

on Sept. 10, 2021, 5:03 p.m.

An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually not higher than 2^36.

Tags:  Product

CVE-2021-31798

on Sept. 10, 2021, 4:53 p.m.

The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files.

Tags:  Product

CVE-2021-34150

on Sept. 10, 2021, 3:16 p.m.

The Bluetooth Classic implementation on Bluetrum AB5301A devices with unknown firmware versions does not properly handle the reception of oversized DM1 LMP packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user …

Tags:  Product, Vendor Advisory

CVE-2021-37151

on Jan. 6, 2022, 7:19 p.m.

CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. In certain authentication policy configurations with MFA, the API response length can be used to differentiate between a valid user and an invalid one (aka Username Enumeration). Response differentiation enables attackers to enumerate usernames of valid application users. Attackers …

Tags:  Product, Vendor Advisory

CVE-2021-28136

on Sept. 9, 2021, 11:32 p.m.

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption (and consequently a crash) in ESP32 via a replayed (duplicated) LMP packet.

Tags:  Product, Third Party Advisory

CVE-2021-28139

on Sept. 9, 2021, 11:30 p.m.

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield payload.

Tags:  Product, Third Party Advisory

CVE-2021-35215

on Sept. 9, 2021, 7:31 p.m.

Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability.

Tags:  Product, Vendor Advisory

CVE-2021-38306

on Sept. 9, 2021, 6:58 p.m.

Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter.

Tags:  Product, Vendor Advisory

CVE-2021-35508

on Sept. 9, 2021, 6:54 p.m.

NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to execute a malicious binary with SYSTEM privileges via a low-privileged user account. To exploit this, a low-privileged user must change the service configuration or overwrite the binary service.

Tags:  Product, Third Party Advisory

CVE-2021-39377

on Sept. 9, 2021, 4:49 p.m.

A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the index.php username parameter.

Tags:  Product

CVE-2021-27293

on Sept. 9, 2021, 12:43 p.m.

RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service.

Tags:  Product

CVE-2021-40353

on Sept. 9, 2021, 12:52 a.m.

A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the index.php USERNAME parameter. NOTE: this issue may exist because of an incomplete fix for CVE-2020-6637.

Tags:  Product

CVE-2021-37794

on Sept. 8, 2021, 5:27 p.m.

A stored cross-site scripting (XSS) vulnerability exists in FileBrowser < v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the server running the FileBrowser instance.

Tags:  Product, Third Party Advisory

CVE-2020-8514

on Sept. 8, 2021, 5:22 p.m.

An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name, it is possible to activate JavaScript in the context of the web application after invoking the rename folder functionality.

Tags:  Product

CVE-2021-38145

on Sept. 8, 2021, 3:02 p.m.

An issue was discovered in Form Tools through 3.0.20. SQL Injection can occur via the export_group_id field when a low-privileged user (client) tries to export a form with data, e.g., manipulation of modules/export_manager/export.php?export_group_id=1&export_group_1_results=all&export_type_id=1.

Tags:  Product, Third Party Advisory

CVE-2020-13639

on Sept. 8, 2021, 12:40 p.m.

A stored XSS vulnerability was discovered in the ECT Provider in OutSystems before 2020-09-04, affecting generated applications. It could allow an unauthenticated remote attacker to craft and store malicious Feedback content into /ECT_Provider/, such that when the content is viewed (it can only be viewed by Administrators), attacker-controlled JavaScript will execute in the security context …

Tags:  Product

CVE-2021-32831

on Sept. 7, 2021, 7:43 p.m.

Total.js framework (npm package total.js) is a framework for the Node.js platform written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values leads to code-injection. This can cause a variety of impacts that include arbitrary code execution. This is …

Tags:  Product, Third Party Advisory

CVE-2021-38556

on Sept. 2, 2021, 4:54 p.m.

includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injection.

Tags:  Product

CVE-2021-38557

on Sept. 2, 2021, 4:26 p.m.

raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/hostapd/enablelog.sh with any executable content.

Tags:  Product

CVE-2021-20793

on Sept. 1, 2021, 9:23 p.m.

Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.

Tags:  Product, Vendor Advisory

CVE-2021-27944

on Sept. 1, 2021, 5:13 p.m.

Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionality, leading to OS command execution. The specific attack methodology is a file upload.

Tags:  Product

CVE-2021-37154

on Sept. 1, 2021, 3:35 p.m.

In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion.

Tags:  Product, Vendor Advisory

CVE-2021-37153

on Sept. 1, 2021, 2:12 a.m.

ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue.

Tags:  Product, Vendor Advisory

CVE-2021-36748

on Aug. 30, 2021, 11:34 a.m.

A SQL Injection issue in the list controller of the Prestahome Blog (aka ph_simpleblog) module before 1.7.8 for Prestashop allows a remote attacker to extract data from the database via the sb_category parameter.

Tags:  Product, Third Party Advisory

CVE-2021-38559

on Aug. 27, 2021, 9:10 p.m.

DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter.

Tags:  Product

CVE-2021-36380

on Aug. 27, 2021, 7:31 p.m.

Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi.

Tags:  Product

CVE-2019-18822

on Aug. 27, 2021, 3:58 p.m.

A privilege escalation vulnerability in ZOOM Call Recording 6.3.1 allows its user account (i.e., the account under which the program runs - by default, the callrec account) to elevate privileges to root by abusing the callrec-rs@.service. The callrec-rs@.service starts the /opt/callrec/bin/rs binary with root privileges, and this binary is owned by callrec. It can be …

Tags:  Product

CVE-2021-27565

on Aug. 26, 2021, 4:59 p.m.

The web server in InterNiche NicheStack through 4.0.1 allows remote attackers to cause a denial of service (infinite loop and networking outage) via an unexpected valid HTTP request such as OPTIONS. This occurs because the HTTP request handler enters a miscoded wbs_loop() debugger hook.

Tags:  Product

CVE-2021-20792

on Aug. 25, 2021, 10:51 a.m.

Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors.

Tags:  Product

CVE-2021-38608

on Aug. 24, 2021, 5:04 p.m.

Incorrect Access Control in Tranquil WAPT Enterprise - before 1.8.2.7373 and before 2.0.0.9450 allows guest OS users to escalate privileges via WAPT Agent.

Tags:  Product, Vendor Advisory

CVE-2021-36982

on Aug. 24, 2021, 3:55 p.m.

AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parameters of an HTTP request.

Tags:  Product, Vendor Advisory

CVE-2021-39267

on Aug. 24, 2021, 12:52 p.m.

Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via a Content-Type Filter bypass to upload malicious files. This occurs because text/html is blocked, but other types that allow JavaScript execution (such as text/xml) are not blocked.

Tags:  Product, Third Party Advisory

CVE-2021-37599

on Aug. 23, 2021, 3:34 p.m.

The exporter/Login.aspx login form in the Exporter in Nuance Winscribe Dictation 4.1.0.99 is vulnerable to SQL injection that allows a remote, unauthenticated attacker to read the database (and execute code in some situations) via the txtPassword parameter.

Tags:  Product, Vendor Advisory

CVE-2021-38371

on Aug. 20, 2021, 5:32 p.m.

The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.

Tags:  Product

CVE-2019-12498

on Aug. 12, 2021, 5:49 p.m.

The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism.

Tags:  Product

CVE-2018-18886

on Aug. 12, 2021, 5:48 p.m.

Helpy v2.1.0 has Stored XSS via the Ticket title.

Tags:  Product, Third Party Advisory

CVE-2021-38095

on Aug. 11, 2021, 8:05 p.m.

The REST API in Planview Spigit 4.5.3 allows remote unauthenticated attackers to query sensitive user accounts data, as demonstrated by an api/v1/users/1 request.

Tags:  Product, Vendor Advisory

CVE-2021-37832

on Aug. 11, 2021, 4:36 p.m.

A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. A malicious attacker can issue SQL commands to the SQLite database through the vulnerable idappartamenti parameter.

Tags:  Product

CVE-2021-37833

on Aug. 11, 2021, 4:19 p.m.

A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands.

Tags:  Product

CVE-2020-35848

on Aug. 10, 2021, 5:15 p.m.

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.

Tags:  Product, Vendor Advisory

CVE-2020-35847

on Aug. 10, 2021, 5:15 p.m.

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.

Tags:  Product, Vendor Advisory

CVE-2021-37392

on Aug. 6, 2021, 4:21 p.m.

In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on the page. When the API functions are enabled, an attacker can use the API to update the user nickname with an XSS payload and achieve stored XSS. Users who view the articles published by the injected user will trigger the XSS.

Tags:  Product

CVE-2021-37393

on Aug. 6, 2021, 4:16 p.m.

In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on the page. An attacker can use the "update password" function to inject XSS payloads into the nickname variable and achieve stored XSS. Users who view the articles published by the injected user will trigger the XSS.

Tags:  Product

CVE-2021-37394

on Aug. 6, 2021, 4:11 p.m.

In RPCMS v1.8 and below, attackers can interact with the API and change the variable "role" to "admin" to achieve admin user registration.

Tags:  Product

CVE-2021-37468

on Aug. 5, 2021, 5:27 p.m.

NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files.

Tags:  Product

CVE-2021-37452

on Aug. 5, 2021, 5:20 p.m.

NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files.

Tags:  Product

CVE-2020-35138

on Aug. 4, 2021, 7:15 p.m.

** DISPUTED ** The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in the com/mobileiron/common/utils/C4928m.java file. NOTE: It has been asserted that there is no causality or connection between …

Tags:  Product, Third Party Advisory

CVE-2021-37446

on Aug. 4, 2021, 6:50 p.m.

In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading.

Tags:  Product

CVE-2021-37447

on Aug. 4, 2021, 6:43 p.m.

In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion.

Tags:  Product

CVE-2021-24036

on Aug. 4, 2021, 5:38 p.m.

Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions …

Tags:  Product, Vendor Advisory

CVE-2021-34802

on Aug. 4, 2021, 12:52 a.m.

A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges.

Tags:  Product

CVE-2021-37478

on Aug. 3, 2021, 8:42 p.m.

In NavigateCMS version 2.9.4 and below, function `block` is vulnerable to SQL injection on parameter `block-order`, which results in arbitrary SQL query execution in the backend database.

Tags:  Product

CVE-2020-12731

on Aug. 3, 2021, 4:49 p.m.

The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt.magicmotion/files/Pictures, whence it can be read by other applications.

Tags:  Product

CVE-2020-12729

on Aug. 3, 2021, 4:48 p.m.

MagicMotion Flamingo 2 has a lack of access control for reading from device descriptors.

Tags:  Product

CVE-2021-21392

on Nov. 23, 2021, 10:36 p.m.

Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0, requests to user-provided domains were not restricted to external IP addresses when transitional IPv6 addresses were used. Outbound requests to federation, identity servers, when calculating the …

Tags:  Product, Third Party Advisory