CVE-2021-39377

A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the index.php username parameter. (CVSS:0.0) (Last Update:2021-09-01)

August 31st, 2021 | SQL Injection

CVE-2021-39109

The renderWidgetResource resource in Atlassian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability. (CVSS:5.0) (Last Update:2021-09-10)

August 31st, 2021 | Directory Traversal

CVE-2021-39378

A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the NamesList.php str parameter. (CVSS:0.0) (Last Update:2021-09-01)

August 31st, 2021 | SQL Injection

CVE-2020-20340

A SQL injection vulnerability in the 4.edu.phpconnfunction.php component of S-CMS v1.0 allows attackers to access sensitive database information. (CVSS:0.0) (Last Update:2021-09-02)

August 31st, 2021 | SQL Injection

CVE-2021-36049

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. (CVSS:0.0) (Last Update:2021-09-01)

August 31st, 2021 | Memory Corruption

CVE-2021-36046

XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. (CVSS:0.0) (Last Update:2021-09-01)

August 31st, 2021 | Memory Corruption

CVE-2020-20343

WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator backend. (CVSS:0.0) (Last Update:2021-09-02)

August 31st, 2021 | Cross Site Request Forgery

CVE-2021-36052

XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. (CVSS:0.0) (Last Update:2021-09-01)

August 31st, 2021 | Memory Corruption

CVE-2021-39379

A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the ResetUserInfo.php password_stn_id parameter. (CVSS:0.0) (Last Update:2021-09-01)

August 31st, 2021 | SQL Injection

CVE-2021-40353

A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can issue SQL commands through the index.php USERNAME parameter. NOTE: this issue may exist because of an incomplete fix for CVE-2020-6637. (CVSS:0.0) (Last Update:2021-09-01)

August 31st, 2021 | SQL Injection