🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

‼ CVE-2021-28023 ‼

Arbitrary file upload in the Service import feature of ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to execute JSP code by uploading a zip archive that extracts files to relative paths.

via "National Vulnerability Database".
‼ CVE-2021-28024 ‼

Unauthorized system access via the login form in ServiceTonic Helpdesk software version < 9.0.35937 allows an attacker to log in without using a password.

via "National Vulnerability Database".
‼ CVE-2021-25979 ‼

Apostrophe CMS versions 2.63.0 to 3.3.1 are affected by an insufficient session expiration vulnerability, which allows unauthenticated remote attackers to hijack recently logged-in users' sessions.

via "National Vulnerability Database".
‼ CVE-2021-42770 ‼

A cross-site scripting (XSS) vulnerability was discovered in OPNsense before 21.7.4 via the LDAP attribute return in the authentication tester.

via "National Vulnerability Database".
‼ CVE-2021-28022 ‼

Blind SQL injection in the login form in ServiceTonic Helpdesk software < 9.0.35937 allows an attacker to exfiltrate information via specially crafted, HQL-compatible, time-based SQL queries.

via "National Vulnerability Database".
‼ CVE-2021-39182 ‼

EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in its hashing file. Beginners who are unfamiliar with hashes can face problems, as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of the product. As a workaround, users can remove the `MD5` hashing function from the file `hashing.py`.

via "National Vulnerability Database".
๐Ÿ—“๏ธ Pwn2Own Austin 2021: Synacktiv crowned Masters of Pwn after Sonos One, WD NAS exploits ๐Ÿ—“๏ธ

French team takes home nearly $200k in winnings as event uncovers 61 zero days

๐Ÿ“– Read

via "The Daily Swig".
‼ CVE-2021-24706 ‼

The Qwizcards – online quizzes and flashcards WordPress plugin before 3.62 does not properly sanitise and escape some of its settings, allowing high-privilege users to perform cross-site scripting attacks even when the unfiltered_html capability is disallowed.

via "National Vulnerability Database".
‼ CVE-2021-29843 ‼

IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2 CD are vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force ID: 205203.

via "National Vulnerability Database".
‼ CVE-2021-24627 ‼

The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement that selects data to be displayed in the admin dashboard, leading to an authenticated SQL injection.

via "National Vulnerability Database".
‼ CVE-2021-24816 ‼

The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenix_media_rename AJAX action, which could allow users with the Author role to rename any uploaded media files, including ones they do not own.

via "National Vulnerability Database".
‼ CVE-2021-24791 ‼

The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injection.

via "National Vulnerability Database".
‼ CVE-2021-24537 ‼

The Similar Posts WordPress plugin through 3.1.5 allows high-privilege users to execute arbitrary PHP code in a hardened environment (i.e. with DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and DISALLOW_UNFILTERED_HTML set to true) via the 'widget_rrm_similar_posts_condition' widget setting of the plugin.

via "National Vulnerability Database".
‼ CVE-2021-24806 ‼

The wpDiscuz WordPress plugin before 7.3.4 does not check for CSRF when adding, editing and deleting comments, which could allow an attacker to make logged-in users such as admins edit and delete arbitrary comments, or make the user who wrote a comment edit it, via a CSRF attack. Attackers could also make logged-in users post arbitrary comments.

via "National Vulnerability Database".
‼ CVE-2021-24832 ‼

The WP SEO Redirect 301 WordPress plugin before 2.3.2 does not have CSRF checks in place when deleting redirects, which could allow attackers to make a logged-in admin delete them via a CSRF attack.

via "National Vulnerability Database".
‼ CVE-2021-24625 ‼

The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category.

via "National Vulnerability Database".
‼ CVE-2021-24840 ‼

The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the query_vars used to retrieve the posts displayed by one of its REST endpoints, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request.

via "National Vulnerability Database".
‼ CVE-2021-24575 ‼

The School Management System – WPSchoolPress WordPress plugin before 2.1.10 does not properly sanitise or use prepared statements before using POST variables in SQL queries, leading to SQL injection in multiple actions available to various authenticated users, from simple subscribers/students to teachers and above.

via "National Vulnerability Database".
‼ CVE-2021-24631 ‼

The Unlimited PopUps WordPress plugin through 4.5.3 does not sanitise or escape the 'did' GET parameter before using it in a SQL statement, in an action available to users as low as Editor, leading to an authenticated SQL injection.

via "National Vulnerability Database".
‼ CVE-2021-24835 ‼

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawal_vendor parameter before using it in a SQL statement, allowing low-privilege users such as Subscribers to perform SQL injection attacks.

via "National Vulnerability Database".
‼ CVE-2021-29735 ‼

IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

via "National Vulnerability Database".