‼ CVE-2021-43409 ‼
📖 Read
via "National Vulnerability Database".
The "WPO365 | LOGIN" WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data. In this case, the XSS payload can be submitted by any anonymous user, the payload then renders and executes when a WordPress administrator authenticates and accesses the WordPress Dashboard. The injected payload can carry out actions on behalf of the administrator including adding other administrative users and changing application settings. This flaw could be exploited to ultimately provide full control of the affected system to the attacker.📖 Read
via "National Vulnerability Database".
🛠 Packet Fence 11.1.0 🛠
📖 Read
via "Packet Storm Security".
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Packet Fence 11.1.0 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
❌ 6M Sky Routers Left Exposed to Attack for Nearly 1.5 Years ❌
📖 Read
via "Threat Post".
Pen Test Partners didn't disclose the vulnerability after 90 days because it knew ISPs were struggling with a pandemic-increased network load as work from home became the new norm.📖 Read
via "Threat Post".
Threat Post
6M Sky Routers Left Exposed to Attack for Nearly 1.5 Years
Pen Test Partners didn't disclose the vulnerability after 90 days because it knew ISPs were struggling with a pandemic-increased network load as work from home became the new norm.
‼ CVE-2021-29326 ‼
📖 Read
via "National Vulnerability Database".
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fxIDToString function at /moddable/xs/sources/xsSymbol.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39926 ‼
📖 Read
via "National Vulnerability Database".
Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39924 ‼
📖 Read
via "National Vulnerability Database".
Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29328 ‼
📖 Read
via "National Vulnerability Database".
OpenSource Moddable v10.5.0 was discovered to contain buffer over-read in the fxDebugThrow function at /moddable/xs/sources/xsDebug.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29329 ‼
📖 Read
via "National Vulnerability Database".
OpenSource Moddable v10.5.0 was discovered to contain a stack overflow in the fxBinaryExpressionNodeDistribute function at /moddable/xs/sources/xsTree.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39921 ‼
📖 Read
via "National Vulnerability Database".
NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3962 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in ImageMagick 7.1.0-14 where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that leads to a use-after-free vulnerability when processed by ImageMagick. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39925 ‼
📖 Read
via "National Vulnerability Database".
Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39929 ‼
📖 Read
via "National Vulnerability Database".
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29325 ‼
📖 Read
via "National Vulnerability Database".
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_String_prototype_repeat function at /moddable/xs/sources/xsString.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22030 ‼
📖 Read
via "National Vulnerability Database".
In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain statements execution led to the storage of sensitive(credential) information in the logs of the database. A malicious user with access to logs can read sensitive(credentials) information about users📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41569 ‼
📖 Read
via "National Vulnerability Database".
SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro. Users can escape the context of the configured user-controllable variable and append additional functions native to the macro but not included as variables within the library. This includes a function that retrieves files from the host OS.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29324 ‼
📖 Read
via "National Vulnerability Database".
OpenSource Moddable v10.5.0 was discovered to contain a stack overflow via the component /moddable/xs/sources/xsScript.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29327 ‼
📖 Read
via "National Vulnerability Database".
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_ArrayBuffer function at /moddable/xs/sources/xsDataView.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29323 ‼
📖 Read
via "National Vulnerability Database".
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow via the component /modules/network/wifi/esp/modwifi.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44036 ‼
📖 Read
via "National Vulnerability Database".
Team Password Manager (aka TeamPasswordManager) before 10.135.236 has a CSRF vulnerability during import.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22028 ‼
📖 Read
via "National Vulnerability Database".
In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplum database contains a file path traversal vulnerability leading to information disclosure from the file system. A malicious user can read/write information from the file system using this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39922 ‼
📖 Read
via "National Vulnerability Database".
Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file📖 Read
via "National Vulnerability Database".