CVE-2021-30626

Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVSS:0.0) (Last Update:2021-10-08)

October 7th, 2021 | Memory Corruption

CVE-2020-4654

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. IBM X-Force ID: 186090. (CVSS:0.0) (Last Update:2021-10-08)

October 7th, 2021 | Gain Information

CVE-2021-37976

Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (CVSS:0.0) (Last Update:2021-10-08)

October 7th, 2021 | Gain Information

CVE-2021-41566

The TadTools file upload function fails to filter file extensions, so remote attackers can upload any type of file and execute arbitrary code without logging in. (CVSS:0.0) (Last Update:2021-10-08)

October 7th, 2021 | Code Execution

CVE-2021-30628

Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (CVSS:0.0) (Last Update:2021-10-08)

October 7th, 2021 | Overflows

CVE-2021-41919

webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially unsafe files without restrictions. This works by adding or replacing a personal profile picture. The affected endpoint is /includes/upload.php on the HTTP POST data. This allows an attacker to exploit the platform by injecting code or malware and, under certain conditions, to execute code on remote user browsers. (CVSS:0.0) (Last Update:2021-10-08)

October 7th, 2021 | Code Execution

CVE-2021-41565

The TadTools special page parameter does not properly restrict the input of special characters, so remote attackers can inject JavaScript syntax without logging in and perform reflected XSS attacks. (CVSS:0.0) (Last Update:2021-10-08)

October 7th, 2021 | Cross Site Scripting

CVE-2021-41567

The new add subject parameter of Tad Uploader view book list function fails to filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks. (CVSS:0.0) (Last Update:2021-10-08)

October 7th, 2021 | Cross Site Scripting

CVE-2021-41920

webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain access to the webTareas application. (CVSS:0.0) (Last Update:2021-10-08)

October 7th, 2021 | SQL Injection

CVE-2021-41917

webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data, and thereby achieve a Stored Cross-Site Scripting attack against the platform users and administrators. The affected endpoint is /clients/editclient.php, on the HTTP POST cn parameter. (CVSS:0.0) (Last Update:2021-10-08)

October 7th, 2021 | Cross Site Scripting