β Zoho Password Manager Zero-Day Bug Under Active Attack Gets a Fix β
π Read
via "Threat Post".
An authentication bypass vulnerability leading to remote code execution offers up the keys to the corporate kingdom.π Read
via "Threat Post".
Threat Post
Zoho ManageEngine Password Manager Zero-Day Gets a Fix, Amid Attacks
An authentication bypass vulnerability in the ManageEngine ADSelfService Plus platform leading to remote code execution offers up the keys to the corporate kingdom.
βΌ CVE-2021-40223 βΌ
π Read
via "National Vulnerability Database".
Rittal CMC PU III Web management (version V3.11.00_2) fails to sanitize user input on several parameters of the configuration (User Configuration dialog, Task Configuration dialog and set logging filter dialog). This allows an attacker to backdoor the device with HTML and browser-interpreted content (such as JavaScript or other client-side scripts). The XSS payload will be triggered when the user accesses some specific sections of the application.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36870 βΌ
π Read
via "National Vulnerability Database".
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps plugin (versions <= 8.1.12). Vulnerable parameters: &dataset_name, &wpgmza_gdpr_retention_purpose, &wpgmza_gdpr_company_name, &name #2, &name, &polyname #2, &polyname, &address.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20117 βΌ
π Read
via "National Vulnerability Database".
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20118.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28495 βΌ
π Read
via "National Vulnerability Database".
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.13 and post releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x trainπ Read
via "National Vulnerability Database".
βΌ CVE-2021-39458 βΌ
π Read
via "National Vulnerability Database".
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup. This leads of leaking the database credentials in the environment variables.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40222 βΌ
π Read
via "National Vulnerability Database".
Rittal CMC PU III Web management Version affected: V3.11.00_2. Version fixed: V3.17.10 is affected by a remote code execution vulnerablity. It is possible to introduce shell code to create a reverse shell in the PU-Hostname field of the TCP/IP Configuration dialog. Web application fails to sanitize user input on Network TCP/IP configuration page. This allows the attacker to inject commands as root on the device which will be executed once the data is received.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39459 βΌ
π Read
via "National Vulnerability Database".
Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26603 βΌ
π Read
via "National Vulnerability Database".
A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length check.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7873 βΌ
π Read
via "National Vulnerability Database".
Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd allows the attacker to cause a arbitrary file download and execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26608 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28497 βΌ
π Read
via "National Vulnerability Database".
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x trainπ Read
via "National Vulnerability Database".
βΌ CVE-2021-28493 βΌ
π Read
via "National Vulnerability Database".
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, a user may be able to execute commands despite not having the privileges to do so. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.32.0 and prior releasesπ Read
via "National Vulnerability Database".
βΌ CVE-2020-7874 βΌ
π Read
via "National Vulnerability Database".
Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20118 βΌ
π Read
via "National Vulnerability Database".
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20117.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28498 βΌ
π Read
via "National Vulnerability Database".
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user enable passwords set in clear text could result in unprivileged users getting complete access to the systems. This issue affects: Arista Metamako Operating System MOS-0.13 and post releases in the MOS-0.1x train MOS-0.26.6 and prior releases in the MOS-0.2x train MOS-0.31.1 and prior releases in the MOS-0.3x trainπ Read
via "National Vulnerability Database".
βΌ CVE-2021-28494 βΌ
π Read
via "National Vulnerability Database".
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI. This issue affects: Arista Metamako Operating System MOS-0.34.0 and prior releasesπ Read
via "National Vulnerability Database".
βΌ CVE-2021-36871 βΌ
π Read
via "National Vulnerability Database".
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps Pro premium plugin (versions <= 8.1.11). Vulnerable parameters: &wpgmaps_marker_category_name, Value > &attributes[], Name > &attributes[], &icons[], &names[], &description, &link, &title.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38408 βΌ
π Read
via "National Vulnerability Database".
A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28499 βΌ
π Read
via "National Vulnerability Database".
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects: Arista Metamako Operating System MOS-0.18 and post releases in the MOS-0.1x train All releases in the MOS-0.2x train MOS-0.31.1 and prior releases in the MOS-0.3x trainπ Read
via "National Vulnerability Database".
β SideWalk Backdoor Linked to China-Linked Spy Group βGrayflyβ β
π Read
via "Threat Post".
Grayfly campaigns have launched the novel malware against businesses in Taiwan, Vietnam, the US and Mexico and are targeting Exchange and MySQL servers. π Read
via "Threat Post".
Threat Post
SideWalk Backdoor Linked to China-Linked Spy Group βGrayflyβ
Grayfly campaigns have launched the novel malware against businesses in Taiwan, Vietnam, the US and Mexico and are targeting Exchange and MySQL servers.