βΌ CVE-2021-20861 βΌ
π Read
via "National Vulnerability Database".
Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43358 βΌ
π Read
via "National Vulnerability Database".
Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20847 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the device.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20859 βΌ
π Read
via "National Vulnerability Database".
ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to execute an arbitrary OS command via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20863 βΌ
π Read
via "National Vulnerability Database".
OS command injection vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attackers to execute an arbitrary OS command with the root privilege via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20852 βΌ
π Read
via "National Vulnerability Database".
Buffer overflow vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute an arbitrary OS command via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20857 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20856 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20858 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20860 βΌ
π Read
via "National Vulnerability Database".
Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a remote authenticated attacker to hijack the authentication of an administrator via a specially crafted page.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43360 βΌ
π Read
via "National Vulnerability Database".
Sunnet eHRD e-mail delivery task scheduleΓ’β¬β’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20855 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20862 βΌ
π Read
via "National Vulnerability Database".
Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent unauthenticated attacker to bypass access restriction, and to obtain anti-CSRF tokens and change the product's settings via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43359 βΌ
π Read
via "National Vulnerability Database".
Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services.π Read
via "National Vulnerability Database".
ποΈ Web cache poisoning bug discovered in Symfony PHP framework ποΈ
π Read
via "The Daily Swig".
Vulnerability in open source project has since been patchedπ Read
via "The Daily Swig".
portswigger.net
Web Application Security, Testing, & Scanning - PortSwigger
PortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & identify the very latest vulnerabilities.
βΌ CVE-2021-4019 βΌ
π Read
via "National Vulnerability Database".
vim is vulnerable to Heap-based Buffer Overflowπ Read
via "National Vulnerability Database".
βΌ CVE-2021-34599 βΌ
π Read
via "National Vulnerability Database".
Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certificate of the server to which the connection is made is not properly verified, the server connection is vulnerable to a man-in-the-middle attack.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4018 βΌ
π Read
via "National Vulnerability Database".
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')π Read
via "National Vulnerability Database".
β Widespread βSmishingβ Campaign Defrauds Iranian Android Users β
π Read
via "Threat Post".
Attackers use socially engineered SMS messages and malware to compromise tens of thousands of devices and drain user bank accounts.π Read
via "Threat Post".
Threat Post
Widespread βSmishingβ Campaign Defrauds Iranian Android Users
Attackers use socially engineered SMS messages and malware to compromise tens of thousands of devices and drain user bank accounts.
βΌ CVE-2021-4017 βΌ
π Read
via "National Vulnerability Database".
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)π Read
via "National Vulnerability Database".
βΌ CVE-2021-3989 βΌ
π Read
via "National Vulnerability Database".
showdoc is vulnerable to URL Redirection to Untrusted Siteπ Read
via "National Vulnerability Database".