🦿 How to test if your Linux server is vulnerable to Log4j 🦿
via "Tech Republic".
Log4j is a serious vulnerability that has swept across the IT landscape quickly. Here's a single command you can run to test and see if you have any vulnerable packages installed.
‼ CVE-2021-42061 ‼
via "National Vulnerability Database".
SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This allows a low privileged attacker to retrieve some data from the victim but will never be able to modify the document and publish these modifications to the server. It impacts the "Quick Prompt" workflow.
‼ CVE-2021-42068 ‼
via "National Vulnerability Database".
When a user opens a manipulated GIF (.gif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
‼ CVE-2021-42066 ‼
via "National Vulnerability Database".
SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the network, which should otherwise be encrypted. For an attacker to discover vulnerable function in-depth application knowledge is required, but once exploited the attacker may be able to completely compromise confidentiality, integrity, and availability of the application.
‼ CVE-2021-39311 ‼
via "National Vulnerability Database".
The link-list-manager WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category parameter found in the ~/llm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.
‼ CVE-2021-39310 ‼
via "National Vulnerability Database".
The Real WYSIWYG WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of PHP_SELF in the ~/real-wysiwyg.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2.
‼ CVE-2021-4007 ‼
via "National Vulnerability Database".
Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, the Python interpreter attempts to load python3.dll at "C:\DLLs\python3.dll," which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent's startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 3.1.2.35. This vulnerability is a regression of CVE-2019-5629.
‼ CVE-2021-41066 ‼
via "National Vulnerability Database".
An issue was discovered in Listary through 6. When Listary is configured as admin, Listary will not ask for permissions again if a user tries to access files on the system from Listary itself (it will bypass UAC protection; there is no privilege validation of the current user that runs via Listary).
‼ CVE-2021-3836 ‼
via "National Vulnerability Database".
dbeaver is vulnerable to Improper Restriction of XML External Entity Reference
‼ CVE-2021-39312 ‼
via "National Vulnerability Database".
The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file.
‼ CVE-2021-4107 ‼
via "National Vulnerability Database".
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
‼ CVE-2021-44949 ‼
via "National Vulnerability Database".
glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php.
‼ CVE-2021-42064 ‼
via "National Vulnerability Database".
If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows attacker to execute crafted database queries, exposing backend database. The vulnerability is present if the parameterized "in" clause accepts more than 1000 values.
‼ CVE-2021-42367 ‼
via "National Vulnerability Database".
The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the ~/includes/class-menu-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. Due to missing authorization checks on the tawcvs_save_settings function, low-level authenticated users such as subscribers can exploit this vulnerability.
‼ CVE-2021-39319 ‼
via "National Vulnerability Database".
The duoFAQ - Responsive, Flat, Simple FAQ WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/duogeek/duogeek-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.8.
‼ CVE-2021-44232 ‼
via "National Vulnerability Database".
SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path information provided by normal user, leading to full server directory access. The attacker can see the whole filesystem structure but cannot overwrite, delete, or corrupt arbitrary files on the server.
‼ CVE-2021-44231 ‼
via "National Vulnerability Database".
Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
‼ CVE-2021-39315 ‼
via "National Vulnerability Database".
The Magic Post Voice WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the ids parameter found in the ~/inc/admin/main.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.
‼ CVE-2021-44549 ‼
via "National Vulnerability Database".
Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of "man in the middle" attacks additional server identity checks must be performed when accessing mail servers. For compatibility reasons these additional checks are disabled by default in JavaMail/Jakarta Mail. The SimpleMailService in Apache Sling Commons Messaging Mail 1.0 lacks an option to enable these checks for the shared mail session. A user could enable these checks nevertheless by accessing the session via the message created by SimpleMessageBuilder and setting the property mail.smtps.ssl.checkserveridentity to true. Apache Sling Commons Messaging Mail 2.0 adds support for enabling server identity checks and these checks are enabled by default. - https://javaee.github.io/javamail/docs/SSLNOTES.txt - https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html - https://github.com/eclipse-ee4j/mail/issues/429
‼ CVE-2021-39313 ‼
via "National Vulnerability Database".
The Simple Image Gallery WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/simple-image-gallery.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6.
‼ CVE-2021-42069 ‼
via "National Vulnerability Database".
When a user opens manipulated Tagged Image File Format (.tif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application