โผ CVE-2021-44848 โผ
๐ Read
via "National Vulnerability Database".
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists.๐ Read
via "National Vulnerability Database".
๐1
โผ CVE-2018-25022 โผ
๐ Read
via "National Vulnerability Database".
The Onion module in toxcore before 0.2.2 doesn't restrict which packets can be onion-routed, which allows a remote attacker to discover a target user's IP address (when knowing only their Tox Id) by positioning themselves close to target's Tox Id in the DHT for the target to establish an onion connection with the attacker, guessing the target's DHT public key and creating a DHT node with public key close to it, and finally onion-routing a NAT Ping Request to the target, requesting it to ping the just created DHT node.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-44153 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo "C:\Windows\System32\calc.exe" entry. An attacker can exploit this to run a malicious binary on startup, or when triggering the Reread/Restart Servers function on the webserver. (Exploitation does not require CVE-2018-15573, because the license file is meant to be changed in the application.)๐ Read
via "National Vulnerability Database".
โผ CVE-2018-25021 โผ
๐ Read
via "National Vulnerability Database".
The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service (DoS).๐ Read
via "National Vulnerability Database".
โผ CVE-2021-44152 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid users from accessing the system and granting the attacker full access to that user's account.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-40856 โผ
๐ Read
via "National Vulnerability Database".
Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-40857 โผ
๐ Read
via "National Vulnerability Database".
Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-42549 โผ
๐ Read
via "National Vulnerability Database".
Insufficient Input Validation in the search functionality of Wordpress plugin Lets-Box prior to 1.15.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24782 โผ
๐ Read
via "National Vulnerability Database".
The Flex Local Fonts WordPress plugin through 1.0.0 does not escape the Class Name field when adding a font, which could allow hight privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24819 โผ
๐ Read
via "National Vulnerability Database".
The Page/Post Content Shortcode WordPress plugin through 1.0 does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts created by other users such as admins and editors.๐ Read
via "National Vulnerability Database".
๐1
โผ CVE-2021-24945 โผ
๐ Read
via "National Vulnerability Database".
The Like Button Rating รยขรขโยขรยฅ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtn_export_votes AJAX action, which could allow any authenticated user, such as subscriber, to get a list of email and IP addresses of people who liked content from the blog.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24872 โผ
๐ Read
via "National Vulnerability Database".
The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access admin posts metadata.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24925 โผ
๐ Read
via "National Vulnerability Database".
The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the current_month_divider parameter of its mec_list_load_more AJAX call (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24954 โผ
๐ Read
via "National Vulnerability Database".
The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not sanitise and escape the ppress_cc_data parameter before outputting it back in an attribute of an admin dashboard page, leading to a Reflected Cross-Site Scripting issue๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24861 โผ
๐ Read
via "National Vulnerability Database".
The Quotes Collection WordPress plugin through 2.5.2 does not validate and escape the bulkcheck parameter before using it in a SQL statement, leading to a SQL injection๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24871 โผ
๐ Read
via "National Vulnerability Database".
The Get Custom Field Values WordPress plugin before 4.0.1 does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24848 โผ
๐ Read
via "National Vulnerability Database".
The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin through 2.7, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24771 โผ
๐ Read
via "National Vulnerability Database".
The Inspirational Quote Rotator WordPress plugin through 1.0.0 does not sanitize and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the "Quotes list" even when the unfiltered_html capability is disallowed๐ Read
via "National Vulnerability Database".
โผ CVE-2021-43117 โผ
๐ Read
via "National Vulnerability Database".
fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-42548 โผ
๐ Read
via "National Vulnerability Database".
Insufficient Input Validation in the search functionality of Wordpress plugin Share-one-Drive prior to 1.15.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24855 โผ
๐ Read
via "National Vulnerability Database".
The Display Post Metadata WordPress plugin before 1.5.0 adds a shortcode to print out custom fields, however their content is not sanitised or escaped which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks๐ Read
via "National Vulnerability Database".