CVE-2021-37305
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin.
via "National Vulnerability Database".
CVE-2021-37316
SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow.
via "National Vulnerability Database".
CVE-2021-37375
** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek VidiU / VidiU Mini firmware version 3.0.8 and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.
via "National Vulnerability Database".
CVE-2021-36493
Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via a crafted command.
via "National Vulnerability Database".
CVE-2023-23087
An issue found in MojoJson v1.2.3 allows attackers to execute arbitrary code via the destroy function.
via "National Vulnerability Database".
CVE-2021-36570
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---.
via "National Vulnerability Database".
CVE-2021-36424
An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via the DB user field during installation.
via "National Vulnerability Database".
CVE-2023-23088
Buffer Overflow vulnerability in Barenboim json-parser master and v1.1.0, fixed in v1.1.1, allows an attacker to execute arbitrary code via the json_value_parse function.
via "National Vulnerability Database".
CVE-2021-36443
Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification.
via "National Vulnerability Database".
CVE-2021-36545
Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in the Site Configuration page.
via "National Vulnerability Database".
CVE-2021-37317
Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitization of the target for COPY and MOVE operations.
via "National Vulnerability Database".
CVE-2021-36538
Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports.
via "National Vulnerability Database".
CVE-2021-36546
An Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via the path in the application URL.
via "National Vulnerability Database".
CVE-2021-36484
SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via the add or edit article page.
via "National Vulnerability Database".
CVE-2023-0659
A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has been classified as critical. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220101 was assigned to this vulnerability.
via "National Vulnerability Database".
What CISOs Can Do About Brand Impersonation Scam Sites
Apply these 9 tips to proactively fight fraudulent websites that steal customers' trust, money, and personally identifiable information.
via "Dark Reading".
CVE-2022-31733
Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, apps are accessible via another port on diego cells, allowing application ingress without a client certificate. If mTLS route integrity is enabled AND unproxied ports are turned off, then an attacker could connect to an application that should be only reachable via mTLS, without presenting a client certificate.
via "National Vulnerability Database".
CVE-2023-23940
OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. `is_valid_eth_signature` is missing a call to `finalize_keccak` after calling `verify_eth_signature`. As a result, any contract using `is_valid_eth_signature` from the account library (such as the `EthAccount` preset) is vulnerable to a malicious sequencer. Specifically, the malicious sequencer would be able to bypass signature validation to impersonate an instance of these accounts. The issue has been patched in 0.6.1.
via "National Vulnerability Database".
CVE-2022-42908
WEPA Print Away is vulnerable to a stored XSS. It does not properly sanitize uploaded filenames, allowing an attacker to deceive a user into uploading a document with a malicious filename, which will be included in subsequent HTTP responses, allowing a stored XSS to occur. This attack is persistent across victim sessions.
via "National Vulnerability Database".
CVE-2023-23937
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating the user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature (e.g. GIF89) and sending any invalid content-type. This could allow an authenticated attacker to upload HTML files with JS content that will be executed in the context of the domain. This issue has been patched in version 10.5.16.
via "National Vulnerability Database".
CVE-2022-42909
WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don't own and print them without authorization. In order to exploit this vulnerability, the user must have an account with wepanow.com or any of the institutions they serve, and be logged in.
via "National Vulnerability Database".