Vulnerabilities With Exploits

CVE-2014-4019

February 19th, 2020|Vulnerabilities with Exploits|

ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0. (CVSS:5.0) (Last Update:2020-02-28)

CVE-2012-2629

February 19th, 2020|Vulnerabilities with Exploits|

Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in Axous 1.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator account via an addnew action to admin/administrators_add.php; or (2) conduct cross-site scripting (XSS) attacks via the page_title parameter to admin/content_pages_edit.php; the (3) category_name[] parameter to admin/products_category.php; the (4) site_name, (5) seo_title, or (6) meta_keywords parameter to admin/settings_siteinfo.php; the (7) company_name, (8) address1, (9) address2, (10) city, (11) state, (12) country, (13) author_first_name, (14) author_last_name, (15) author_email, (16) contact_first_name, (17) contact_last_name, (18) contact_email, (19) general_email, (20) general_phone, (21) general_fax, (22) sales_email, (23) sales_phone, (24) support_email, or (25) support_phone parameter to admin/settings_company.php; or the (26) system_email, (27) sender_name, (28) smtp_server, (29) smtp_username, (30) smtp_password, or (31) order_notice_email parameter to admin/settings_email.php. (CVSS:6.8) (Last Update:2020-02-28)

CVE-2012-6614

February 18th, 2020|Vulnerabilities with Exploits|

D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password. (CVSS:9.0) (Last Update:2020-03-05)

CVE-2013-4211

February 13th, 2020|Vulnerabilities with Exploits|

A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in the flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code. (CVSS:7.5) (Last Update:2020-02-19)

CVE-2014-4170

February 12th, 2020|Vulnerabilities with Exploits|

A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access to, or modify or delete, database information. (CVSS:7.5) (Last Update:2020-02-19)

CVE-2014-4968

February 11th, 2020|Vulnerabilities with Exploits|

The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636. (CVSS:6.8) (Last Update:2020-02-19)

CVE-2013-2637

February 11th, 2020|Vulnerabilities with Exploits|

A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code. (CVSS:4.3) (Last Update:2020-02-18)

CVE-2013-0803

February 10th, 2020|Vulnerabilities with Exploits|

A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code. (CVSS:7.5) (Last Update:2020-02-14)

CVE-2012-1124

February 10th, 2020|Vulnerabilities with Exploits|

SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter. (CVSS:7.5) (Last Update:2020-02-13)

CVE-2014-8347

February 10th, 2020|Vulnerabilities with Exploits|

An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges. (CVSS:4.6) (Last Update:2020-02-13)

CVE-2013-5945

February 10th, 2020|Vulnerabilities with Exploits|

Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua. (CVSS:10.0) (Last Update:2021-04-23)

CVE-2013-1360

February 10th, 2020|Vulnerabilities with Exploits|

An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access. (CVSS:10.0) (Last Update:2020-02-13)

CVE-2013-1359

February 10th, 2020|Vulnerabilities with Exploits|

An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account. (CVSS:10.0) (Last Update:2020-02-14)

CVE-2014-5468

February 6th, 2020|Vulnerabilities with Exploits|

A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to thumbnail.cfm that specifies a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code. (CVSS:6.8) (Last Update:2020-02-11)

CVE-2014-5091

February 6th, 2020|Vulnerabilities with Exploits|

A vulnerability exists in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code. (CVSS:10.0) (Last Update:2020-02-11)

CVE-2013-3568

February 5th, 2020|Vulnerabilities with Exploits|

Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via obscure vectors. (CVSS:6.8) (Last Update:2020-02-12)

CVE-2012-2593

February 5th, 2020|Vulnerabilities with Exploits|

Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email. (CVSS:4.3) (Last Update:2020-02-10)

CVE-2013-2678

February 3rd, 2020|Vulnerabilities with Exploits|

Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter. (CVSS:6.8) (Last Update:2020-02-07)

CVE-2014-8322

January 30th, 2020|Vulnerabilities with Exploits|

Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value. (CVSS:7.5) (Last Update:2020-02-05)

Code Execution

CVE-2021-41566

October 7th, 2021|Code Execution|

The TadTools file upload function fails to filter file extensions, thus remote attackers can upload any type of file and execute arbitrary code without logging in. (CVSS:0.0) (Last Update:2021-10-08)

CVE-2021-41919

October 7th, 2021|Code Execution|

webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially unsafe files without restrictions. This works by adding or replacing a personal profile picture. The affected endpoint is /includes/upload.php via the HTTP POST data. This allows an attacker to exploit the platform by injecting code or malware and, under certain conditions, to execute code in remote users' browsers. (CVSS:0.0) (Last Update:2021-10-08)

CVE-2021-42090

October 6th, 2021|Code Execution|

An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled. (CVSS:0.0) (Last Update:2021-10-07)

CVE-2021-37928

October 6th, 2021|Code Execution|

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. (CVSS:0.0) (Last Update:2021-10-07)

CVE-2021-37929

October 6th, 2021|Code Execution|

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. (CVSS:0.0) (Last Update:2021-10-07)

CVE-2021-37930

October 6th, 2021|Code Execution|

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. (CVSS:0.0) (Last Update:2021-10-07)

CVE-2021-37931

October 6th, 2021|Code Execution|

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. (CVSS:0.0) (Last Update:2021-10-07)

CVE-2021-40725

October 6th, 2021|Code Execution|

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing an AcroForm listbox that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. (CVSS:0.0) (Last Update:2021-10-07)

CVE-2021-40726

October 6th, 2021|Code Execution|

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing an AcroForm field that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. (CVSS:0.0) (Last Update:2021-10-07)

CVE-2021-42013

October 6th, 2021|Code Execution|

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions. (CVSS:0.0) (Last Update:2021-10-07)

CVE-2021-42071

October 6th, 2021|Code Execution|

In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the User-Agent HTTP header sent to cgi-bin/slogin/login.py. (CVSS:0.0) (Last Update:2021-10-07)

CVE-2021-42093

October 6th, 2021|Code Execution|

An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers. (CVSS:0.0) (Last Update:2021-10-07)

CVE-2020-21865

October 6th, 2021|Code Execution|

ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerability in the component /public/?s=captcha. (CVSS:0.0) (Last Update:2021-10-07)

CVE-2021-34777

October 5th, 2021|Code Execution|

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: execute code on the affected device or cause it to reload unexpectedly; cause LLDP database corruption on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-34778

October 5th, 2021|Code Execution|

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: execute code on the affected device or cause it to reload unexpectedly; cause LLDP database corruption on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-34779

October 5th, 2021|Code Execution|

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: execute code on the affected device or cause it to reload unexpectedly; cause LLDP database corruption on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-34780

October 5th, 2021|Code Execution|

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: execute code on the affected device or cause it to reload unexpectedly; cause LLDP database corruption on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-34788

October 5th, 2021|Code Execution|

A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow an authenticated, local attacker to perform a shared library hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to a race condition in the signature verification process for shared library files that are loaded on an affected device. An attacker could exploit this vulnerability by sending a series of crafted interprocess communication (IPC) messages to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected device with root privileges. To exploit this vulnerability, the attacker must have a valid account on the system. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-41129

October 5th, 2021|Code Execution|

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a `confirmation_token` input during the two-factor authentication process to reference a cache value not associated with the login attempt. In rare cases this can allow a malicious actor to authenticate as a random user in the Panel. The malicious user must target an account with two-factor authentication enabled, and then must provide a correct two-factor authentication token before being authenticated as that user. Due to a validation flaw in the logic handling user authentication during the two-factor authentication process, a malicious user can trick the system into loading credentials for an arbitrary user by modifying the token sent to the server. This authentication flaw is present in the `LoginCheckpointController@__invoke` method which handles two-factor authentication for a user. This controller looks for a request input parameter called `confirmation_token` which is expected to be a 64 character random alpha-numeric string that references a value within the Panel's cache containing a `user_id` value. This value is then used to fetch the user that attempted to login, and lookup their two-factor authentication token. Due to the design of this system, any element in the cache that contains only digits could be referenced by a malicious user, and whatever value is stored at that position would be used as the `user_id`. There are a few different areas of the Panel that store values into the cache that are integers, and a user who determines what those cache keys are could pass one of those keys which would cause this code pathway to reference an arbitrary user. At its heart this is a high-risk login bypass vulnerability. However, there are a few additional conditions that must be met in order for this to be successfully executed, notably: 1.) The account referenced by the malicious cache key must have two-factor authentication enabled. An account without two-factor authentication would cause an exception to be triggered by the authentication logic, thus exiting this authentication flow. 2.) Even if the malicious user is able to reference a valid cache key that references a valid user account with two-factor authentication, they must provide a valid two-factor authentication token. However, due to the design of this endpoint, once a valid user account is found with two-factor authentication enabled there is no rate-limiting present, thus allowing an attacker to brute force combinations until successful. This leads to a third precondition that must be met: 3.) For the duration of this attack sequence the cache key being referenced must continue to exist with a valid `user_id` value. Depending on the particular key being used for this attack, this value may disappear quickly, or be changed by other random user interactions on the Panel, outside the control of the attacker. In order to mitigate this vulnerability the underlying authentication logic was changed to use an encrypted session store whose value the user is therefore unable to control. This completely removed the use of a user-controlled value. In addition, the code was audited to ensure this type of vulnerability is not present elsewhere. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-25487

October 5th, 2021|Code Execution|

Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-41128

October 5th, 2021|Code Execution|

Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases. In affected versions all CSV Exports (Statistics & BAG MED) contain a CSV Injection Vulnerability. Users of the system are able to submit formulas as exported fields which then get executed upon ingestion of the exported file. There is no validation or sanitization of these formula fields, so a malicious user may construct malicious code. This vulnerability has been resolved in version 1.30.4. There are no workarounds and all users are advised to upgrade their package. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-34710

October 5th, 2021|Code Execution|

Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-34735

October 5th, 2021|Code Execution|

Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-34742

October 5th, 2021|Code Execution|

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-34748

October 5th, 2021|Code Execution|

A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to execute a command using crafted input. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on an affected device. (CVSS:0.0) (Last Update:2021-10-06)

Cross Site Request Forgery

CVE-2021-41916

October 7th, 2021|Cross Site Request Forgery|

A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new administrative profile and add a new user to that profile without the victim's knowledge, by enticing an authenticated admin user to visit an attacker's web page. (CVSS:0.0) (Last Update:2021-10-08)

CVE-2021-20489

October 6th, 2021|Cross Site Request Forgery|

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 197790. (CVSS:0.0) (Last Update:2021-10-07)

CVE-2021-29837

October 5th, 2021|Cross Site Request Forgery|

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204913. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-35491

October 4th, 2021|Cross Site Request Forgery|

A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request. (CVSS:0.0) (Last Update:2021-10-05)

CVE-2020-21386

October 3rd, 2021|Cross Site Request Forgery|

A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges. (CVSS:0.0) (Last Update:2021-10-04)

CVE-2021-41764

September 28th, 2021|Cross Site Request Forgery|

A cross-site request forgery (CSRF) vulnerability exists in Streama up to and including v1.10.3. The application does not have CSRF checks in place when performing actions such as uploading local files. As a result, attackers could make a logged-in administrator upload arbitrary local files via a CSRF attack and send them to the attacker. (CVSS:0.0) (Last Update:2021-09-29)

CVE-2021-40108

September 26th, 2021|Cross Site Request Forgery|

An issue was discovered in Concrete CMS through 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint. (CVSS:0.0) (Last Update:2021-09-27)

CVE-2021-22949

September 22nd, 2021|Cross Site Request Forgery|

A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files, which can lead to UI inconvenience and exhaustion of disk space. Credit for discovery: "Solar Security CMS Research Team" (CVSS:0.0) (Last Update:2021-09-23)

CVE-2021-22953

September 22nd, 2021|Cross Site Request Forgery|

A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics, which can lead to UI inconvenience and exhaustion of disk space. Credit for discovery: "Solar Security Research Team" (CVSS:0.0) (Last Update:2021-09-23)

CVE-2021-29816

September 22nd, 2021|Cross Site Request Forgery|

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204341. (CVSS:0.0) (Last Update:2021-09-23)

CVE-2020-19951

September 22nd, 2021|Cross Site Request Forgery|

A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application. (CVSS:0.0) (Last Update:2021-09-23)

CVE-2021-41083

September 19th, 2021|Cross Site Request Forgery|

Dada Mail is a web-based e-mail list management system. In affected versions a bad actor could give someone a carefully crafted web page via email, SMS, etc, that - when visited, allows them control of the list control panel as if the bad actor was logged in themselves. This includes changing any mailing list password, as well as the Dada Mail Root Password - which could effectively lock out actual list owners of the mailing list and allow the bad actor complete and unfettered control of your mailing list. This vulnerability also affects profile logins. For this vulnerability to work, the target of the bad actor would need to be logged into the list control panel themselves. This CSRF vulnerability in Dada Mail affects all versions of Dada Mail v11.15.1 and below. Although we know of no known CSRF exploits that have happened in the wild, this vulnerability has been confirmed by our testing, and by a third party. Users are advised to update to version 11.16.0. (CVSS:0.0) (Last Update:2021-09-20)

CVE-2021-24639

September 19th, 2021|Cross Site Request Forgery|

The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgf_ajax_empty_dir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server. (CVSS:0.0) (Last Update:2021-09-20)

CVE-2020-19159

September 14th, 2021|Cross Site Request Forgery|

Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component '/index.php?module=member&action=add'. (CVSS:0.0) (Last Update:2021-09-15)

CVE-2021-39209

September 14th, 2021|Cross Site Request Forgery|

GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in version 9.5.6. There are no workarounds aside from upgrading. (CVSS:0.0) (Last Update:2021-09-15)

CVE-2021-40964

September 14th, 2021|Cross Site Request Forgery|

A Path Traversal vulnerability exists in TinyFileManager, all versions up to and including 2.4.6, that allows attackers to upload a file (with Admin credentials or via the CSRF vulnerability) with the "fullpath" parameter containing path traversal strings (../ and ..) in order to escape the server's intended working directory and write malicious files onto any directory on the computer. (CVSS:0.0) (Last Update:2021-09-15)

CVE-2021-40965

September 14th, 2021|Cross Site Request Forgery|

A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager, all versions up to and including 2.4.6, that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker. (CVSS:0.0) (Last Update:2021-09-15)

CVE-2021-23050

September 13th, 2021|Cross Site Request Forgery|

On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. (CVSS:0.0) (Last Update:2021-09-14)

Cross Site Scripting

CVE-2021-41565

October 7th, 2021|Cross Site Scripting|

TadTools special page parameter does not properly restrict the input of special characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflected XSS attacks. (CVSS:0.0) (Last Update:2021-10-08)

CVE-2021-41567

October 7th, 2021|Cross Site Scripting|

The new add subject parameter of the Tad Uploader view book list function fails to filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks. (CVSS:0.0) (Last Update:2021-10-08)

CVE-2021-41917

October 7th, 2021|Cross Site Scripting|

webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data, and achieve a Stored Cross-Site Scripting attack against the platform users and administrators. The affected endpoint is /clients/editclient.php, via the HTTP POST cn parameter. (CVSS:0.0) (Last Update:2021-10-08)

CVE-2021-41918

October 7th, 2021|Cross Site Scripting|

webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against the platform users and administrators. The issue affects every endpoint on the application because it is related to how each URL is echoed back on every response page. (CVSS:0.0) (Last Update:2021-10-08)

CVE-2021-42112

October 7th, 2021|Cross Site Scripting|

The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js. (CVSS:0.0) (Last Update:2021-10-08)

CVE-2021-42088

October 6th, 2021|Cross Site Scripting|

An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled. (CVSS:0.0) (Last Update:2021-10-07)

CVE-2020-21729

October 6th, 2021|Cross Site Scripting|

JEECMS x1.1 contains a stored cross-site scripting (XSS) vulnerability in the component of /member-vipcenter.htm, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload. (CVSS:0.0) (Last Update:2021-10-07)

CVE-2021-3834

October 6th, 2021|Cross Site Scripting|

Integria IMS version 5.0.92 does not correctly filter some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting (XSS) attack. (CVSS:0.0) (Last Update:2021-10-07)

CVE-2021-20481

October 6th, 2021|Cross Site Scripting|

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197503. (CVSS:0.0) (Last Update:2021-10-07)

CVE-2021-20561

October 6th, 2021|Cross Site Scripting|

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199230. (CVSS:0.0) (Last Update:2021-10-07)

CVE-2021-20571

October 6th, 2021|Cross Site Scripting|

IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199246. (CVSS:0.0) (Last Update:2021-10-07)

CVE-2021-42092

October 6th, 2021|Cross Site Scripting|

An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket. (CVSS:0.0) (Last Update:2021-10-07)

CVE-2021-39350

October 5th, 2021|Cross Site Scripting|

The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows attackers to inject arbitrary web scripts, in versions 7.5.0.727 - 7.5.2.727. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-29764

October 5th, 2021|Cross Site Scripting|

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 202268. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-29836

October 5th, 2021|Cross Site Scripting|

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204912. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-29855

October 5th, 2021|Cross Site Scripting|

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205684. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-21684

October 5th, 2021|Cross Site Scripting|

Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-23856

October 3rd, 2021|Cross Site Scripting|

The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client's computer by sending the client a manipulated URL. (CVSS:0.0) (Last Update:2021-10-04)

CVE-2020-21387

October 3rd, 2021|Cross Site Scripting|

A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload. (CVSS:0.0) (Last Update:2021-10-04)

CVE-2020-21434

October 3rd, 2021|Cross Site Scripting|

Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field. (CVSS:0.0) (Last Update:2021-10-04)

CVE-2020-21494

October 3rd, 2021|Cross Site Scripting|

A cross-site scripting (XSS) vulnerability in the component installinstall.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0. (CVSS:0.0) (Last Update:2021-10-04)

CVE-2020-21495

October 3rd, 2021|Cross Site Scripting|

A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter. (CVSS:0.0) (Last Update:2021-10-04)

CVE-2020-21496

October 3rd, 2021|Cross Site Scripting|

A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitebrief parameter. (CVSS:0.0) (Last Update:2021-10-04)

CVE-2021-25964

October 3rd, 2021|Cross Site Scripting|

The "Calibre-web" application, v0.6.0 to v0.6.12, is vulnerable to Stored XSS in "Metadata". An attacker that has access to edit the metadata information can inject a JavaScript payload in the description field. When a victim tries to open the file, the XSS will be triggered. (CVSS:0.0) (Last Update:2021-10-04)

Denial Of Service

CVE-2021-40439

October 6th, 2021|Denial of Service|

Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340, a "Billion Laughs" entity expansion denial of service attack and exploit via crafted XML files. ODF files consist of a set of XML files. All versions of Apache OpenOffice up to 4.1.10 are subject to this issue. expat in version 4.1.11 is patched. (CVSS:0.0) (Last Update:2021-10-07)

CVE-2021-42084

October 6th, 2021|Denial of Service|

An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service. (CVSS:0.0) (Last Update:2021-10-07)

CVE-2021-0687

October 5th, 2021|Denial of Service|

In ellipsize of Layout.java, there is a possible ANR due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.1. Android ID: A-188913943 (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-25471

October 5th, 2021|Denial of Service|

A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-25477

October 5th, 2021|Denial of Service|

An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-25480

October 5th, 2021|Denial of Service|

A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile network connection. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-34698

October 5th, 2021|Denial of Service|

A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management in the proxy service of an affected device. An attacker could exploit this vulnerability by establishing a large number of HTTPS connections to the affected device. A successful exploit could allow the attacker to cause the system to stop processing new connections, which could result in a DoS condition. Note: Manual intervention may be required to recover from this situation. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-39880

October 4th, 2021|Denial of Service|

A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE version 11.11 and above allows an attacker to deny access to all users via specially crafted requests to the apollo_upload_server middleware. (CVSS:0.0) (Last Update:2021-10-05)

CVE-2021-41118

October 3rd, 2021|Denial of Service|

The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions unsanitised input of regular expression date within the parameters of the DPL parser function allowed for the possibility of ReDoS (Regex Denial of Service). This has been resolved in version 3.3.6. If you are unable to update you may also set `$wgDplSettings['functionalRichness'] = 0;` or disable DynamicPageList3 to mitigate. (CVSS:0.0) (Last Update:2021-10-04)

CVE-2021-23446

September 28th, 2021|Denial of Service|

The package handsontable before 10.0.0; the package handsontable from 0 and before 10.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) in Handsontable.helper.isNumeric function. (CVSS:0.0) (Last Update:2021-09-29)

CVE-2021-41821

September 28th, 2021|Denial of Service|

Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial of service. A crafted message must be sent from an authenticated agent to the manager. (CVSS:0.0) (Last Update:2021-09-29)

CVE-2021-37273

September 27th, 2021|Denial of Service|

A Denial of Service issue exists in China Telecom Corporation EPON Tianyi Gateway ZXHN F450(EPON ONU) 3.0. Tianyi Gateway is a hardware terminal of "Optical Modem Bright Router." Attackers can use this vulnerability to restart the device multiple times. (CVSS:0.0) (Last Update:2021-09-28)

CVE-2021-40712

September 26th, 2021|Denial of Service|

Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by an improper input validation vulnerability via the path parameter. An authenticated attacker can send a malformed POST request to achieve server-side denial of service. (CVSS:0.0) (Last Update:2021-09-27)

CVE-2021-36134

September 26th, 2021|Denial of Service|

Out of bounds write vulnerability in the JPEG parsing code of Netop Vision Pro up to and including 9.7.2 allows an adjacent unauthenticated attacker to write to arbitrary memory potentially leading to a Denial of Service (DoS). (CVSS:0.0) (Last Update:2021-09-27)

CVE-2021-37786

September 26th, 2021|Denial of Service|

Certain Federal Office of Information Technology Systems and Telecommunication FOITT products are affected by improper handling of exceptional conditions. This affects COVID Certificate App IOS 2.2.0 and below (affected, patch in progress) and COVID Certificate Bank check App IOS 2.2.0 and below (affected, patch in progress). A denial of service (physically proximate) could be caused by scanning a crafted QR code. (CVSS:0.0) (Last Update:2021-09-27)

CVE-2021-34768

September 22nd, 2021|Denial of Service|

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit the vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. (CVSS:0.0) (Last Update:2021-09-23)

CVE-2021-34769

September 22nd, 2021|Denial of Service|

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit the vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. (CVSS:0.0) (Last Update:2021-09-23)

CVE-2021-22009

September 22nd, 2021|Denial of Service|

The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service. (CVSS:0.0) (Last Update:2021-09-23)

CVE-2021-22010

September 22nd, 2021|Denial of Service|

The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service. (CVSS:0.0) (Last Update:2021-09-23)

CVE-2021-22019

September 22nd, 2021|Denial of Service|

The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition. (CVSS:0.0) (Last Update:2021-09-23)

CVE-2021-32285

September 19th, 2021|Denial of Service|

An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function list_iterator_next() located in gravity_core.c. It allows an attacker to cause Denial of Service. (CVSS:0.0) (Last Update:2021-09-20)

CVE-2021-39588

September 19th, 2021|Denial of Service|

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_ReadABC() located in abc.c. It allows an attacker to cause Denial of Service. (CVSS:4.3) (Last Update:2021-09-22)

CVE-2021-32289

September 19th, 2021|Denial of Service|

An issue was discovered in heif through v3.6.2. A NULL pointer dereference exists in the function convertByteStreamToRBSP() located in nalutil.cpp. It allows an attacker to cause Denial of Service. (CVSS:0.0) (Last Update:2021-09-20)

CVE-2021-39589

September 19th, 2021|Denial of Service|

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function parse_metadata() located in abc.c. It allows an attacker to cause Denial of Service. (CVSS:4.3) (Last Update:2021-09-22)

CVE-2021-38089

September 19th, 2021|Denial of Service|

Buffer Overflow vulnerability in function config_input in libavfilter/vf_bm3d.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. (CVSS:0.0) (Last Update:2021-09-20)

Directory Traversal

CVE-2021-41103

October 3rd, 2021|Directory Traversal|

containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these versions when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVSS:0.0) (Last Update:2021-10-04)

CVE-2021-41595

October 3rd, 2021|Directory Traversal|

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the file_name parameter of the Step3 import functionality. (CVSS:0.0) (Last Update:2021-10-04)

CVE-2021-41596

October 3rd, 2021|Directory Traversal|

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality. (CVSS:0.0) (Last Update:2021-10-04)

CVE-2021-41323

September 29th, 2021|Directory Traversal|

Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells files belonging to any user, via the format parameter. (CVSS:0.0) (Last Update:2021-09-30)

CVE-2021-41324

September 29th, 2021|Directory Traversal|

Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files (or Cells files belonging to any user) via the nodes parameter (for Copy and Move) or via the Path parameter (for Delete). (CVSS:0.0) (Last Update:2021-09-30)

CVE-2021-21569

September 27th, 2021|Directory Traversal|

Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information. (CVSS:4.0) (Last Update:2021-10-01)

CVE-2021-36286

September 27th, 2021|Directory Traversal|

Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS called Symbolic links. Symbolic links can be created by any (non-privileged) user under some object directories, but by themselves are not sufficient to successfully escalate privileges. However, combining them with a different object, such as the NTFS junction point, allows for the exploitation. The SupportAssist clean files functionality does not distinguish junction points from the physical folder and proceeds to clean the target of the junction, which allows nonprivileged users to create junction points and delete arbitrary files on the system which can be accessed only by the admin. (CVSS:0.0) (Last Update:2021-09-28)

CVE-2021-40103

September 26th, 2021|Directory Traversal|

An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF. (CVSS:5.0) (Last Update:2021-10-01)

CVE-2021-22013

September 22nd, 2021|Directory Traversal|

The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. (CVSS:5.0) (Last Update:2021-09-27)

CVE-2021-24638

September 19th, 2021|Directory Traversal|

The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file with Google Fonts CSS, or download fonts uploaded on Google Fonts website. (CVSS:0.0) (Last Update:2021-09-20)

CVE-2020-19147

September 14th, 2021|Directory Traversal|

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'getFolder()' function in the component '/modules/filemanager/FileManager.java'. (CVSS:4.0) (Last Update:2021-09-23)

CVE-2021-33692

September 14th, 2021|Directory Traversal|

SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. This backup file can be tricked to inject specific elements such as '..' and '/' separators, for attackers to escape outside of the restricted location to access files or directories. (CVSS:5.0) (Last Update:2021-09-28)

CVE-2021-23043

September 13th, 2021|Directory Traversal|

On BIG-IP, on all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to access arbitrary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. (CVSS:0.0) (Last Update:2021-09-14)

CVE-2021-33685

September 13th, 2021|Directory Traversal|

SAP Business One version - 10.0 allows a low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory. A successful attack allows access to highly sensitive data. (CVSS:4.0) (Last Update:2021-09-24)

CVE-2021-25450

September 8th, 2021|Directory Traversal|

Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket. (CVSS:3.3) (Last Update:2021-09-22)

CVE-2021-1739

September 7th, 2021|Directory Traversal|

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system. (CVSS:2.1) (Last Update:2021-09-15)

CVE-2021-1740

September 7th, 2021|Directory Traversal|

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system. (CVSS:2.1) (Last Update:2021-09-15)

CVE-2021-1815

September 7th, 2021|Directory Traversal|

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A local user may be able to modify protected parts of the file system. (CVSS:2.1) (Last Update:2021-09-16)

CVE-2021-37731

September 6th, 2021|Directory Traversal|

A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. (CVSS:7.2) (Last Update:2021-09-13)

CVE-2021-37733

September 6th, 2021|Directory Traversal|

A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. (CVSS:4.0) (Last Update:2021-09-14)

CVE-2021-36717

September 6th, 2021|Directory Traversal|

In order to perform a directory traversal attack, all an attacker needs is a web browser and some knowledge of where to blindly find default files and directories on the system. On the "Name" parameter the attacker can return to the root directory and open the host file. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system. (CVSS:0.0) (Last Update:2021-09-07)

CVE-2021-39500

September 6th, 2021|Directory Traversal|

Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitization in the params tpldir, filename, type, and nid, an attacker can inject "../" to escape and write files to writeable directories. (CVSS:0.0) (Last Update:2021-09-07)

CVE-2021-37728

September 6th, 2021|Directory Traversal|

A remote path traversal vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13. Aruba has released patches for ArubaOS that address this security vulnerability. (CVSS:5.5) (Last Update:2021-09-09)

File Inclusion

CVE-2021-39433

October 3rd, 2021|File Inclusion|

A local file inclusion (LFI) vulnerability exists in BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user. (CVSS:0.0) (Last Update:2021-10-04)

CVE-2021-37348

August 12th, 2021|File Inclusion|

Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php. (CVSS:5.0) (Last Update:2021-08-23)

CVE-2021-25447

August 4th, 2021|File Inclusion|

Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview. (CVSS:5.0) (Last Update:2021-08-12)

CVE-2021-24472

August 1st, 2021|File Inclusion|

The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users; sending requests to this proxy functionality will have the web server fetch and display the content from any URI, which would allow for SSRF (Server Side Request Forgery) and RFI (Remote File Inclusion) vulnerabilities on the website. (CVSS:7.5) (Last Update:2021-08-27)

CVE-2021-24453

July 18th, 2021|File Inclusion|

The Include Me WordPress plugin through 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) of the system due to log poisoning and therefore potentially a full compromise of the underlying structure. (CVSS:9.0) (Last Update:2021-08-11)

CVE-2021-24447

July 18th, 2021|File Inclusion|

The WP Image Zoom WordPress plugin before 1.47 did not validate its tab parameter before using it in the include_once() function, leading to a local file inclusion issue in the admin dashboard. (CVSS:5.0) (Last Update:2021-07-28)

CVE-2021-21804

July 15th, 2021|File Inclusion|

A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability. (CVSS:7.5) (Last Update:2021-07-28)

CVE-2021-36123

July 12th, 2021|File Inclusion|

An issue was discovered in Echo ShareCare 8.15.5. The TextReader feature in General/TextReader/TextReader.cfm is susceptible to a local file inclusion vulnerability when processing remote input in the textFile parameter from an authenticated user, leading to the ability to read arbitrary files on the server filesystems as well as any files accessible via Universal Naming Convention (UNC) paths. (CVSS:4.0) (Last Update:2021-07-15)

CVE-2021-25438

July 7th, 2021|File Inclusion|

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview. (CVSS:4.6) (Last Update:2021-07-12)

CVE-2020-21786

June 23rd, 2021|File Inclusion|

In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /system/modules/dashboard/controllers/CronController.php. (CVSS:7.5) (Last Update:2021-07-01)

CVE-2020-25414

June 16th, 2021|File Inclusion|

A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code. (CVSS:7.5) (Last Update:2021-06-21)

CVE-2021-33408

May 26th, 2021|File Inclusion|

Local File Inclusion vulnerability in Ab Initio Control>Center before 4.0.2.6 allows remote attackers to retrieve arbitrary files. Fixed in v4.0.2.6 and v4.0.3.1. (CVSS:4.0) (Last Update:2021-06-08)

CVE-2020-35580

May 19th, 2021|File Inclusion|

A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin's API key and the base64 encoded SHA1 password hashes of other SearchBlox users. (CVSS:5.0) (Last Update:2021-05-28)

CVE-2017-17674

May 18th, 2021|File Inclusion|

BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code execution (RCE). (CVSS:7.5) (Last Update:2021-05-25)

CVE-2020-23996

May 12th, 2021|File Inclusion|

A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data. (CVSS:6.5) (Last Update:2021-05-21)

CVE-2021-30173

May 6th, 2021|File Inclusion|

Local File Inclusion vulnerability of the omni-directional communication system allows a remote authenticated attacker to inject an absolute path into the Url parameter and access arbitrary files. (CVSS:4.0) (Last Update:2021-05-18)

CVE-2021-32100

May 6th, 2021|File Inclusion|

A remote file inclusion vulnerability exists in Artica Pandora FMS 742, exploitable by the lowest privileged user. (CVSS:4.0) (Last Update:2021-05-14)

CVE-2021-31783

April 25th, 2021|File Inclusion|

show_default.php in the LocalFilesEditor extension before 11.4.0.1 for Piwigo allows Local File Inclusion because the file parameter is not validated with a proper regular-expression check. (CVSS:5.0) (Last Update:2021-05-04)

CVE-2021-24242

April 21st, 2021|File Inclusion|

The Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.8 is affected by a local file inclusion vulnerability through the maliciously constructed sub_page parameter of the plugin's Tools, allowing high privilege users to include any local php file. (CVSS:5.5) (Last Update:2021-04-30)

CVE-2020-22474

February 21st, 2021|File Inclusion|

In webERP 4.15, the ManualContents.php file allows users to specify the "Language" parameter, which can lead to local file inclusion. (CVSS:4.0) (Last Update:2021-07-21)

CVE-2021-23340

February 17th, 2021|File Inclusion|

This affects the package pimcore/pimcore before 6.8.8. A Local File Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=[filename]. Since the exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability. (CVSS:5.5) (Last Update:2021-02-25)

CVE-2020-13550

February 16th, 2021|File Inclusion|

A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability. (CVSS:4.0) (Last Update:2021-02-19)

CVE-2021-27236

February 15th, 2021|File Inclusion|

An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfile.asp allows Unauthenticated Local File Inclusion, which can be leveraged to achieve Remote Code Execution. (CVSS:7.5) (Last Update:2021-02-22)

CVE-2020-35566

February 15th, 2021|File Inclusion|

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An attacker can read arbitrary JSON files via Local File Inclusion. (CVSS:5.0) (Last Update:2021-02-19)

Gain Information

CVE-2021-32029

October 7th, 2021|Gain Information|

A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality. (CVSS:0.0) (Last Update:2021-10-08)

CVE-2020-4654

October 7th, 2021|Gain Information|

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. IBM X-Force ID: 186090. (CVSS:0.0) (Last Update:2021-10-08)

CVE-2021-37976

October 7th, 2021|Gain Information|

Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (CVSS:0.0) (Last Update:2021-10-08)

CVE-2021-29700

October 6th, 2021|Gain Information|

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system. IBM X-Force ID: 200656. (CVSS:0.0) (Last Update:2021-10-07)

CVE-2021-20552

October 6th, 2021|Gain Information|

IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170. (CVSS:0.0) (Last Update:2021-10-07)

CVE-2021-29761

October 5th, 2021|Gain Information|

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information from the dashboard that they should not have access to. IBM X-Force ID: 202265. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-41125

October 5th, 2021|Gain Information|

Scrapy is a high-level web crawling and scraping framework for Python. If you use `HttpAuthMiddleware` (i.e. the `http_user` and `http_pass` spider attributes) for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, such as `robots.txt` requests sent by Scrapy when the `ROBOTSTXT_OBEY` setting is set to `True`, or as requests reached through redirects. Upgrade to Scrapy 2.5.1 and use the new `http_auth_domain` spider attribute to control which domains are allowed to receive the configured HTTP authentication credentials. If you are using Scrapy 1.8 or a lower version, and upgrading to Scrapy 2.5.1 is not an option, you may upgrade to Scrapy 1.8.1 instead. If you cannot upgrade, set your HTTP authentication credentials on a per-request basis, using for example the `w3lib.http.basic_auth_header` function to convert your credentials into a value that you can assign to the `Authorization` header of your request, instead of defining your credentials globally using `HttpAuthMiddleware`. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-34702

October 5th, 2021|Gain Information|

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to improper enforcement of administrator privilege levels for low-value sensitive data. An attacker with read-only administrator access to the web-based management interface could exploit this vulnerability by browsing to the page that contains the sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-34782

October 5th, 2021|Gain Information|

A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An attacker could exploit the vulnerability by sending a particular API request to an affected application. A successful exploit could allow the attacker to obtain sensitive information about other users who are configured with higher privileges on the application. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-0691

October 5th, 2021|Gain Information|

In the SELinux policy configured in system_app.te, there is a possible way for system_app to gain code execution in other processes due to an overly-permissive SELinux policy. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-188554048 (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-25473

October 5th, 2021|Gain Information|

Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-25474

October 5th, 2021|Gain Information|

Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-38923

October 5th, 2021|Gain Information|

IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain access to another VM due to assigning duplicate WWPNs. IBM X-Force ID: 210162. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-41120

October 4th, 2021|Gain Information|

sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with an autoincremented payment id (/pay-with-paypal/{id}) and therefore it was easy to predict. The problem is that the Credit card form has a prefilled "credit card holder" field with the Customer's first and last name and hence this can lead to personally identifiable information exposure. Additionally, the mentioned form did not require authentication. The problem has been patched in Sylius/PayPalPlugin 1.2.4 and 1.3.1. If users are unable to update they can override the sylius_paypal_plugin_pay_with_paypal_form route and change its URL parameters to (for example) {orderToken}/{paymentId}, then override the Sylius\PayPalPlugin\Controller\PayWithPayPalFormAction service, to operate on the payment taken from the repository by these 2 values. It would also require usage of a custom repository method. Additionally, one could override the @SyliusPayPalPlugin/payWithPaypal.html.twig template, to add a contingencies: ['SCA_ALWAYS'] line in the hostedFields.submit(...) function call (line 421). It would then have to be handled in the function callback. (CVSS:0.0) (Last Update:2021-10-05)

CVE-2021-41124

October 4th, 2021|Gain Information|

Scrapy-splash is a library which provides Scrapy and JavaScript integration. In affected versions users who use [`HttpAuthMiddleware`](http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth) (i.e. the `http_user` and `http_pass` spider attributes) for Splash authentication will have any non-Splash request expose your credentials to the request target. This includes `robots.txt` requests sent by Scrapy when the `ROBOTSTXT_OBEY` setting is set to `True`. Upgrade to scrapy-splash 0.8.0 and use the new `SPLASH_USER` and `SPLASH_PASS` settings instead to set your Splash authentication credentials safely. If you cannot upgrade, set your Splash request credentials on a per-request basis, [using the `splash_headers` request parameter](https://github.com/scrapy-plugins/scrapy-splash/tree/0.8.x#http-basic-auth), instead of defining them globally using the [`HttpAuthMiddleware`](http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth). Alternatively, make sure all your requests go through Splash. That includes disabling the [robots.txt middleware](https://docs.scrapy.org/en/latest/topics/downloader-middleware.html#topics-dlmw-robots). (CVSS:0.0) (Last Update:2021-10-05)

CVE-2021-41092

October 3rd, 2021|Gain Information|

Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update, ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH. (CVSS:0.0) (Last Update:2021-10-04)

CVE-2021-36309

September 30th, 2021|Gain Information|

Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS/Radius credentials stored to read sensitive information and use it in further attacks. (CVSS:4.0) (Last Update:2021-10-08)

CVE-2021-39855

September 28th, 2021|Gain Information|

Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker controlled web page. (CVSS:0.0) (Last Update:2021-09-29)

CVE-2021-39856

September 28th, 2021|Gain Information|

Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page. (CVSS:0.0) (Last Update:2021-09-29)

CVE-2021-39857

September 28th, 2021|Gain Information|

Adobe Acrobat Reader DC add-on for Internet Explorer versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to check for the existence of local files. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page. (CVSS:0.0) (Last Update:2021-09-29)

CVE-2021-30086

September 27th, 2021|Gain Information|

Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information. (CVSS:0.0) (Last Update:2021-09-28)

CVE-2021-37267

September 27th, 2021|Gain Information|

Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information. (CVSS:0.0) (Last Update:2021-09-28)

CVE-2021-37271

September 27th, 2021|Gain Information|

Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user cookie information. (CVSS:0.0) (Last Update:2021-09-28)

CVE-2021-24661

September 26th, 2021|Gain Information|

The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID. (CVSS:0.0) (Last Update:2021-09-27)

CVE-2021-37274

September 26th, 2021|Gain Information|

Kingdee KIS Professional Edition has a privilege escalation vulnerability. Attackers can use the vulnerability to gain computer administrator rights via unspecified loopholes. (CVSS:0.0) (Last Update:2021-09-27)

HTTP Response Splitting

CVE-2021-32598

August 4th, 2021|HTTP Response Splitting|

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability in FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response. (CVSS:4.0) (Last Update:2021-08-12)

CVE-2021-28979

June 15th, 2021|HTTP Response Splitting|

SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response, once the URL is clicked. (CVSS:4.3) (Last Update:2021-07-15)

CVE-2021-0268

April 21st, 2021|HTTP Response Splitting|

An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness in J-web of Juniper Networks Junos OS leads to buffer overflows, segmentation faults, or other impacts, which allows an attacker to modify the integrity of the device and exfiltrate information from the device without authentication. The weakness can be exploited to facilitate cross-site scripting (XSS), cookie manipulation (modifying session cookies, stealing cookies) and more. This weakness can also be exploited by directing a user to a seemingly legitimate link from the affected site. The attacker requires no specific access or permissions to the device to carry out such attacks. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.1R1. (CVSS:5.8) (Last Update:2021-04-28)

CVE-2019-4552

October 14th, 2020|HTTP Response Splitting|

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960. (CVSS:5.8) (Last Update:2020-10-20)

CVE-2020-15811

September 1st, 2020|HTTP Response Splitting|

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches. (CVSS:4.0) (Last Update:2021-03-04)

CVE-2020-7695

July 26th, 2020|HTTP Response Splitting|

Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers. (CVSS:5.0) (Last Update:2020-07-29)

CVE-2019-16385

June 3rd, 2020|HTTP Response Splitting|

Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a reflected XSS payload being executed. (CVSS:4.3) (Last Update:2021-07-21)

CVE-2020-11709

April 11th, 2020|HTTP Response Splitting|

cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the set_redirect and set_header functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts. (CVSS:5.0) (Last Update:2020-04-13)

CVE-2020-11703

April 11th, 2020|HTTP Response Splitting|

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/GetInheritedProperties allows HTTP Response Splitting via the language parameter. (CVSS:5.0) (Last Update:2020-04-13)

CVE-2020-7622

April 5th, 2020|HTTP Response Splitting|

This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders validation flag is set to false, which means it does not validate that the header isn't being abused for HTTP Response Splitting. (CVSS:7.5) (Last Update:2021-08-03)

CVE-2020-6858

March 11th, 2020|HTTP Response Splitting|

Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection. This is exploitable if untrusted user input can appear in a response header. (CVSS:4.3) (Last Update:2020-03-17)

CVE-2020-5249

March 1st, 2020|HTTP Response Splitting|

In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2020-5247, which fixed this vulnerability but only for regular responses. This has been fixed in 4.3.3 and 3.12.4. (CVSS:4.0) (Last Update:2020-04-09)

CVE-2020-5247

February 27th, 2020|HTTP Response Splitting|

In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or `\r`, `\n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters. (CVSS:5.0) (Last Update:2020-04-09)

CVE-2019-10797

February 18th, 2020|HTTP Response Splitting|

Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled. (CVSS:4.3) (Last Update:2020-03-02)

CVE-2020-6181

February 11th, 2020|HTTP Response Splitting|

Under some circumstances the SAML SSO implementation in SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740) and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754) allows an attacker to include unvalidated data in the HTTP response header sent to a Web user, leading to an HTTP Response Splitting vulnerability. (CVSS:5.0) (Last Update:2020-02-21)

CVE-2019-19670

February 9th, 2020|HTTP Response Splitting|

An HTTP Response Splitting vulnerability was identified in the Web Settings Component of Web File Manager in Rumpus FTP Server 8.2.9.1. A successful exploit can result in stored XSS, website defacement, etc. via ExtraHTTPHeader to RAPR/WebSettingsGeneralSet.html. (CVSS:4.3) (Last Update:2020-02-11)

CVE-2015-3154

January 26th, 2020|HTTP Response Splitting|

CRLF injection vulnerability in ZendMail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email. (CVSS:4.3) (Last Update:2020-01-30)

CVE-2019-16771

December 5th, 2019|HTTP Response Splitting|

Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97.0. Potential impacts of this vulnerability include cross-user defacement, cache poisoning, Cross-site scripting (XSS), and page hijacking. (CVSS:5.0) (Last Update:2019-12-16)

CVE-2019-16254

November 25th, 2019|HTTP Response Splitting|

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF. (CVSS:5.0) (Last Update:2020-08-16)

CVE-2019-4396

October 24th, 2019|HTTP Response Splitting|

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 162236. (CVSS:3.5) (Last Update:2020-08-24)

CVE-2019-4461

October 24th, 2019|HTTP Response Splitting|

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting and possibly obtain sensitive information. IBM X-Force ID: 163682. (CVSS:3.5) (Last Update:2020-08-24)

CVE-2019-17513

October 17th, 2019|HTTP Response Splitting|

An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur. (CVSS:5.0) (Last Update:2020-08-24)

CVE-2019-15259

October 1st, 2019|HTTP Response Splitting|

A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request on an affected device. A successful exploit could allow the attacker to perform cross-site scripting attacks, web cache poisoning, access sensitive browser-based information, and similar exploits. (CVSS:4.3) (Last Update:2020-10-16)

CVE-2019-5314

September 12th, 2019|HTTP Response Splitting|

Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability. (CVSS:4.3) (Last Update:2020-08-24)

Memory Corruption

CVE-2021-30626

October 7th, 2021|Memory Corruption|

Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVSS:0.0) (Last Update:2021-10-08)

CVE-2021-25491

October 5th, 2021|Memory Corruption|

A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer dereference. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-41121

October 5th, 2021|Memory Corruption|

Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the top of the stack. This issue has been resolved in version 0.3.0. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-34758

October 5th, 2021|Memory Corruption|

A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient access controls to a shared memory resource. An attacker could exploit this vulnerability by corrupting a shared memory segment on an affected device. A successful exploit could allow the attacker to cause the device to reload. The device will recover from the corruption upon reboot. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-32626

October 3rd, 2021|Memory Corruption|

Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result in heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update, an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands. (CVSS:0.0) (Last Update:2021-10-04)

CVE-2021-39845

September 28th, 2021|Memory Corruption|

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted PDF file, potentially resulting in memory corruption in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader. (CVSS:0.0) (Last Update:2021-09-29)

CVE-2021-39846

September 28th, 2021|Memory Corruption|

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted PDF file, potentially resulting in memory corruption in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader. (CVSS:0.0) (Last Update:2021-09-29)

CVE-2021-40710

September 28th, 2021|Memory Corruption|

Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. (CVSS:0.0) (Last Update:2021-09-29)

CVE-2021-40715

September 28th, 2021|Memory Corruption|

Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .exr file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. (CVSS:0.0) (Last Update:2021-09-29)

CVE-2021-39819

September 26th, 2021|Memory Corruption|

Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious XML file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. (CVSS:0.0) (Last Update:2021-09-27)

CVE-2021-39824

September 26th, 2021|Memory Corruption|

Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious png file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. (CVSS:0.0) (Last Update:2021-09-27)

CVE-2021-40700

September 26th, 2021|Memory Corruption|

Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. (CVSS:0.0) (Last Update:2021-09-27)

CVE-2021-40701

September 26th, 2021|Memory Corruption|

Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. (CVSS:0.0) (Last Update:2021-09-27)

CVE-2021-40702

September 26th, 2021|Memory Corruption|

Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious psd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. (CVSS:0.0) (Last Update:2021-09-27)

CVE-2021-40703

September 26th, 2021|Memory Corruption|

Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. (CVSS:0.0) (Last Update:2021-09-27)

CVE-2021-39818

September 26th, 2021|Memory Corruption|

Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. (CVSS:0.0) (Last Update:2021-09-27)

CVE-2021-27046

September 14th, 2021|Memory Corruption|

A Memory Corruption vulnerability for PDF files in Autodesk Navisworks 2019, 2020, 2021, 2022 may lead to code execution through maliciously crafted DLL files. (CVSS:0.0) (Last Update:2021-09-15)

CVE-2021-1934

September 8th, 2021|Memory Corruption|

Possible memory corruption due to improper check when application loader object is explicitly destructed while application is unloading in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT (CVSS:0.0) (Last Update:2021-09-09)

CVE-2021-25458

September 8th, 2021|Memory Corruption|

NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption. (CVSS:0.0) (Last Update:2021-09-09)

CVE-2021-25462

September 8th, 2021|Memory Corruption|

NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption. (CVSS:0.0) (Last Update:2021-09-09)

CVE-2021-1847

September 7th, 2021|Memory Corruption|

A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. (CVSS:0.0) (Last Update:2021-09-08)

CVE-2021-30725

September 7th, 2021|Memory Corruption|

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. (CVSS:0.0) (Last Update:2021-09-08)

CVE-2021-1875

September 7th, 2021|Memory Corruption|

A double free issue was addressed with improved memory management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted file may lead to heap corruption. (CVSS:0.0) (Last Update:2021-09-08)

CVE-2021-30734

September 7th, 2021|Memory Corruption|

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVSS:0.0) (Last Update:2021-09-08)

CVE-2021-1882

September 7th, 2021|Memory Corruption|

A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to gain elevated privileges. (CVSS:0.0) (Last Update:2021-09-08)

Overflows

CVE-2021-30628

October 7th, 2021|Overflows|

Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (CVSS:0.0) (Last Update:2021-10-08)

CVE-2021-25495

October 5th, 2021|Overflows|

A possible heap buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-25496

October 5th, 2021|Overflows|

A possible buffer overflow vulnerability in maetd_dec_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-25497

October 5th, 2021|Overflows|

A possible buffer overflow vulnerability in maetd_cpy_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-25498

October 5th, 2021|Overflows|

A possible buffer overflow vulnerability in maetd_eco_cb_mode of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-0690

October 5th, 2021|Overflows|

In ih264d_mark_err_slice_skip of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9, Android-10, Android-11, Android-8.1. Android ID: A-182152757 (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-25467

October 5th, 2021|Overflows|

Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allow privilege escalation to Root by hijacking a loaded library. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-25469

October 5th, 2021|Overflows|

A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-25475

October 5th, 2021|Overflows|

A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-25478

October 5th, 2021|Overflows|

A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-25479

October 5th, 2021|Overflows|

A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-25494

October 5th, 2021|Overflows|

A possible buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-3625

October 4th, 2021|Overflows|

Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363 (CVSS:0.0) (Last Update:2021-10-05)

CVE-2021-32627

October 3rd, 2021|Overflows|

Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result in remote code execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer-limit configuration parameters to very large values and constructing specially crafted very large stream elements. The problem is fixed in Redis 6.2.6, 6.0.16 and 5.0.14. For users unable to upgrade, an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. (CVSS:0.0) (Last Update:2021-10-04)

CVE-2021-32628

October 3rd, 2021|Overflows|

Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result in remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. (CVSS:0.0) (Last Update:2021-10-04)

CVE-2021-32687

October 3rd, 2021|Overflows|

Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the set-max-intset-entries configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. (CVSS:0.0) (Last Update:2021-10-04)

CVE-2021-32762

October 3rd, 2021|Overflows|

Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted huge multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library which does not perform an overflow check before calling the calloc() heap allocation function. This issue only impacts systems with heap allocators that do not perform their own overflow checks. Most modern systems do and are therefore not likely to be affected. Furthermore, by default redis-sentinel uses the jemalloc allocator which is also not vulnerable. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. (CVSS:0.0) (Last Update:2021-10-04)

CVE-2021-41099

October 3rd, 2021|Overflows|

Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result in denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. (CVSS:0.0) (Last Update:2021-10-04)

CVE-2021-32765

October 3rd, 2021|Overflows|

Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnerable to integer overflow if provided maliciously crafted or corrupted `RESP` `multi-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible. (CVSS:0.0) (Last Update:2021-10-04)

CVE-2020-20663

September 29th, 2021|Overflows|

libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component mms_client_connection.c. (CVSS:0.0) (Last Update:2021-09-30)

CVE-2020-20746

September 29th, 2021|Overflows|

A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg. (CVSS:0.0) (Last Update:2021-09-30)

CVE-2020-20662

September 29th, 2021|Overflows|

libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component mms_client_example1.c. (CVSS:0.0) (Last Update:2021-09-30)

CVE-2021-39863

September 28th, 2021|Overflows|

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVSS:0.0) (Last Update:2021-09-29)

CVE-2021-35944

September 28th, 2021|Overflows|

Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached. (CVSS:0.0) (Last Update:2021-09-29)

CVE-2021-35945

September 28th, 2021|Overflows|

Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached. (CVSS:0.0) (Last Update:2021-09-29)

Memory Corruption

CVE-2021-41920

October 7th, 2021|Sql injection|

webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain access to the webTareas application. (CVSS:0.0) (Last Update:2021-10-08)

CVE-2020-21725

October 6th, 2021|Sql injection|

OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter. (CVSS:0.0) (Last Update:2021-10-07)

CVE-2020-21726

October 6th, 2021|Sql injection|

OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the cid parameter. (CVSS:0.0) (Last Update:2021-10-07)

CVE-2021-39351

October 5th, 2021|Sql injection|

The WP Bannerize WordPress plugin is vulnerable to authenticated SQL injection via the id parameter found in the ~/Classes/wpBannerizeAdmin.php file which allows attackers to exfiltrate sensitive information from vulnerable sites. This issue affects versions 2.0.0 - 4.0.2. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-29798

October 5th, 2021|Sql injection|

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 203734. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-29903

October 5th, 2021|Sql injection|

IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 207506. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-25482

October 5th, 2021|Sql injection|

SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted application to overwrite some CMFA framework information. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-41651

October 3rd, 2021|Sql injection|

A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in process_update_profile.php. (CVSS:0.0) (Last Update:2021-10-04)

CVE-2021-41647

September 30th, 2021|Sql injection|

An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php and retrieve sensitive database information, as well as add an administrative user. (CVSS:0.0) (Last Update:2021-10-01)

CVE-2020-21012

September 30th, 2021|Sql injection|

Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details. (CVSS:0.0) (Last Update:2021-10-01)

CVE-2021-41845

September 30th, 2021|Sql injection|

A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. (CVSS:0.0) (Last Update:2021-10-01)

CVE-2021-41288

September 29th, 2021|Sql injection|

Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API. (CVSS:0.0) (Last Update:2021-09-30)

CVE-2021-38303

September 27th, 2021|Sql injection|

A SQL injection vulnerability exists in Sureline SUREedge Migrator 7.0.7.29360. (CVSS:0.0) (Last Update:2021-09-28)

CVE-2021-24666

September 26th, 2021|Sql injection|

The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the rest route '/services/contributor/(?P[d]+), takes an 'id' and 'category' parameters as arguments. Both parameters can be used for the SQLi. (CVSS:0.0) (Last Update:2021-09-27)

CVE-2021-40674

September 19th, 2021|Sql injection|

An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php. (CVSS:0.0) (Last Update:2021-09-20)

CVE-2021-24741

September 19th, 2021|Sql injection|

The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users. (CVSS:0.0) (Last Update:2021-09-20)

CVE-2021-40669

September 15th, 2021|Sql injection|

SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file. (CVSS:0.0) (Last Update:2021-09-16)

CVE-2021-40670

September 15th, 2021|Sql injection|

SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the /coreframe/app/order/admin/card.php file. (CVSS:0.0) (Last Update:2021-09-16)

CVE-2020-21121

September 14th, 2021|Sql injection|

Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via the $recordIDValue parameter in the admin_update_module_widgets.php file. (CVSS:0.0) (Last Update:2021-09-15)

CVE-2020-21127

September 14th, 2021|Sql injection|

MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel. (CVSS:0.0) (Last Update:2021-09-15)

CVE-2021-33701

September 14th, 2021|Sql injection|

DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability. (CVSS:0.0) (Last Update:2021-09-15)

CVE-2021-23040

September 13th, 2021|Sql injection|

On BIG-IP AFM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This issue is exposed only when BIG-IP AFM is provisioned. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. (CVSS:0.0) (Last Update:2021-09-14)

CVE-2021-24726

September 12th, 2021|Sql injection|

The WP Plain Booking Calendar WordPress plugin before 2.0.6 did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated SQL injection issue. (CVSS:0.0) (Last Update:2021-09-13)

CVE-2021-41564

October 7th, 2021|Bypass Something|

Tad Honor viewing book list function is vulnerable to authorization bypass, thus remote attackers can use particular parameters to delete articles arbitrarily without logging in. (CVSS:0.0) (Last Update:2021-10-08)

CVE-2021-41568

October 7th, 2021|Bypass Something|

Tad Web is vulnerable to authorization bypass, thus remote attackers can exploit the vulnerability to use the original function of viewing bulletin boards and uploading files in the system. (CVSS:0.0) (Last Update:2021-10-08)

CVE-2021-41975

October 7th, 2021|Bypass Something|

TadTools specific page is vulnerable to authorization bypass, thus remote attackers can use the particular parameter to delete arbitrary files in the system without logging in. (CVSS:0.0) (Last Update:2021-10-08)

CVE-2021-41976

October 7th, 2021|Bypass Something|

Tad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folder names in the book list without logging in. (CVSS:0.0) (Last Update:2021-10-08)

CVE-2021-23447

October 6th, 2021|Bypass Something|

This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string). (CVSS:0.0) (Last Update:2021-10-07)

CVE-2021-0688

October 5th, 2021|Bypass Something|

In lockNow of PhoneWindowManager.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-8.1, Android-9. Android ID: A-161149543 (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-25476

October 5th, 2021|Bypass Something|

An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-25481

October 5th, 2021|Bypass Something|

An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-1534

October 5th, 2021|Bypass Something|

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device. (CVSS:0.0) (Last Update:2021-10-06)

CVE-2021-39870

October 4th, 2021|Bypass Something|

In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call. (CVSS:0.0) (Last Update:2021-10-05)

CVE-2021-35296

October 3rd, 2021|Bypass Something|

An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass authentication via modification of the cookie value and Response Path. (CVSS:0.0) (Last Update:2021-10-04)

CVE-2021-39871

October 3rd, 2021|Bypass Something|

In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call. (CVSS:0.0) (Last Update:2021-10-04)

CVE-2021-38618

October 3rd, 2021|Bypass Something|

In GFOS Workforce Management 4.8.272.1, the login page of application is prone to authentication bypass, allowing anyone (who knows a user's credentials except the password) to get access to an account. This occurs because of JSESSIONID mismanagement. (CVSS:0.0) (Last Update:2021-10-04)

CVE-2021-41094

October 3rd, 2021|Bypass Something|

Wire is an open source secure messenger. Users of Wire by Bund may bypass the mandatory encryption at rest feature by simply disabling their device passcode. Upon launching, the app will attempt to enable encryption at rest by generating encryption keys via the Secure Enclave, however it will fail silently if no device passcode is set. The user has no indication that encryption at rest is not active since the feature is hidden to them. This issue has been resolved in version 3.70. (CVSS:0.0) (Last Update:2021-10-04)

CVE-2021-36298

September 30th, 2021|Bypass Something|

Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to authentication bypass and remote takeover of the InsightIQ. This allows an attacker to take complete control of InsightIQ to affect services provided by SSH; so Dell recommends customers to upgrade at the earliest opportunity. (CVSS:0.0) (Last Update:2021-10-01)

CVE-2021-35202

September 29th, 2021|Bypass Something|

NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypass (to access an endpoint) in FDSQueryService. (CVSS:0.0) (Last Update:2021-09-30)

CVE-2021-39862

September 28th, 2021|Bypass Something|

Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVSS:0.0) (Last Update:2021-09-29)

CVE-2021-39865

September 28th, 2021|Bypass Something|

Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVSS:0.0) (Last Update:2021-09-29)

CVE-2021-40697

September 28th, 2021|Bypass Something|

Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVSS:0.0) (Last Update:2021-09-29)

CVE-2021-40716

September 28th, 2021|Bypass Something|

XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVSS:0.0) (Last Update:2021-09-29)

CVE-2021-41795

September 28th, 2021|Bypass Something|

The Safari app extension bundled with 1Password for Mac 7.7.0 through 7.8.x before 7.8.7 is vulnerable to authorization bypass. By targeting a vulnerable component of this extension, a malicious web page could read a subset of 1Password vault items that would normally be fillable by the user on that web page. These items are usernames and passwords for vault items associated with its domain, usernames and passwords without a domain association, credit cards, and contact items. (1Password must be unlocked for these items to be accessible, but no further user interaction is required.) (CVSS:0.0) (Last Update:2021-09-29)

CVE-2021-36284

September 27th, 2021|Bypass Something|

Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive admin password attempt mitigations in order to carry out a brute force attack. (CVSS:0.0) (Last Update:2021-09-28)

CVE-2021-36285

September 27th, 2021|Bypass Something|

Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive NVMe password attempt mitigations in order to carry out a brute force attack. (CVSS:0.0) (Last Update:2021-09-28)

CVE-2021-41558

September 26th, 2021|Bypass Something|

The set_user extension module before 3.0.0 for PostgreSQL allows ProcessUtility_hook bypass via set_config. (CVSS:0.0) (Last Update:2021-09-27)