π¨ CVE-2020-20949
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.
π@cveNotify
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.
π@cveNotify
π¨ CVE-2020-28874
reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter).
π@cveNotify
reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter).
π@cveNotify
GitHub
Fix CVE-2020-28874 by @varandinawer Β· projectsend/projectsend@4402047
ProjectSend is a free, open source software that lets you share files with your clients, focused on ease of use and privacy. It supports clients groups, system users roles, statistics, multiple languages, detailed logs... and much more! - Fix CVE-2020-28874β¦
π¨ CVE-2020-36011
A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart Hospital Management System 3.1 allows a remote attacker to inject arbitrary code via the Name, Guardian Name, Email, Address, Remarks, or Any Known Allergies field.
π@cveNotify
A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart Hospital Management System 3.1 allows a remote attacker to inject arbitrary code via the Name, Guardian Name, Email, Address, Remarks, or Any Known Allergies field.
π@cveNotify
Exploit Database
Smart Hospital 3.1 - "Add Patient" Stored XSS
Smart Hospital 3.1 - "Add Patient" Stored XSS.. webapps exploit for PHP platform
π¨ CVE-2020-36012
Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field.
π@cveNotify
Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field.
π@cveNotify
Multistore
Trasteros Baratos de Alquiler en Barcelona | Multistore
Alquiler de trasteros baratos en el Prat de Llobregat, guardamuebles y taquillas con videovigilancia 24 horas. Β‘ContΓ‘ctanos!
π¨ CVE-2021-3294
CASAP Automated Enrollment System 1.0 is affected by cross-site scripting (XSS) in users.php. An attacker can steal a cookie to perform user redirection to a malicious website.
π@cveNotify
CASAP Automated Enrollment System 1.0 is affected by cross-site scripting (XSS) in users.php. An attacker can steal a cookie to perform user redirection to a malicious website.
π@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
π¨ CVE-2021-25299
Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server.
π@cveNotify
Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server.
π@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
π¨ CVE-2020-24841
PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
π@cveNotify
PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
π@cveNotify
Exploit Database
PNPSCADA 2.200816204020 - 'interf' SQL Injection (Authenticated)
PNPSCADA 2.200816204020 - 'interf' SQL Injection (Authenticated).. webapps exploit for Hardware platform
π¨ CVE-2020-24036
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.
π@cveNotify
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.
π@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
π¨ CVE-2020-24913
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.
π@cveNotify
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.
π@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
π¨ CVE-2020-24914
A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request.
π@cveNotify
A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request.
π@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
π¨ CVE-2020-27574
Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery (CSRF). If an authenticated user visits a malicious page, unintended actions could be performed in the web application as the authenticated user.
π@cveNotify
Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery (CSRF). If an authenticated user visits a malicious page, unintended actions could be performed in the web application as the authenticated user.
π@cveNotify
tvrbk
Rumpus 8.2.14
This is a description of vulnerabilities found in Rumpus version 8.2.14, which enable a malicious actor to get root access to the underlying system if the web user account management setting is enabled. No patch is available, disabling the remote user managementβ¦
π¨ CVE-2020-27576
Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cross-site scripting vulnerability.
π@cveNotify
Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cross-site scripting vulnerability.
π@cveNotify
tvrbk
Rumpus 8.2.14
This is a description of vulnerabilities found in Rumpus version 8.2.14, which enable a malicious actor to get root access to the underlying system if the web user account management setting is enabled. No patch is available, disabling the remote user managementβ¦
π¨ CVE-2020-29238
An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensitive information when the server running as reverse proxy via specially crafted request.
π@cveNotify
An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensitive information when the server running as reverse proxy via specially crafted request.
π@cveNotify
π¨ CVE-2021-27695
Multiple stored cross-site scripting (XSS) vulnerabilities in openMAINT 2.1-3.3-b allow remote attackers to inject arbitrary web script or HTML via any "Add" sections, such as Add Card Building & Floor, or others in the Name and Code Parameters.
π@cveNotify
Multiple stored cross-site scripting (XSS) vulnerabilities in openMAINT 2.1-3.3-b allow remote attackers to inject arbitrary web script or HTML via any "Add" sections, such as Add Card Building & Floor, or others in the Name and Code Parameters.
π@cveNotify
Exploit Database
openMAINT openMAINT 2.1-3.3-b - 'Multiple' Persistent Cross-Site Scripting
openMAINT openMAINT 2.1-3.3-b - 'Multiple' Persistent Cross-Site Scripting. CVE-2021-27695 . webapps exploit for Multiple platform
π¨ CVE-2020-28873
Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability by sending an extremely long password via the user login form. When a long password is sent, the password hashing process will result in CPU and memory exhaustion on the server.
π@cveNotify
Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability by sending an extremely long password via the user login form. When a long password is sent, the password hashing process will result in CPU and memory exhaustion on the server.
π@cveNotify
Acunetix
Long password denial of service - Vulnerabilities - Acunetix
By sending a very long password (1.000.000 characters) it's possible to cause a denial a service attack on the server. This may lead to the websi... Long password denial
π¨ CVE-2021-26216
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php.
π@cveNotify
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php.
π@cveNotify
Medium
CVE-2021β26216
# Exploit Title: SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php
# Date: 15/03/21
# Exploit Authorβ¦
# Date: 15/03/21
# Exploit Authorβ¦
π¨ CVE-2021-28937
The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) contains the administrator account password in plaintext. The page can be intercepted on HTTP.
π@cveNotify
The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) contains the administrator account password in plaintext. The page can be intercepted on HTTP.
π@cveNotify
Medium
Hunting for Vulnerabilities in Low-Cost WiFi Repeaters
Security analysis of a low-cost WiFi Repeater
π¨ CVE-2020-21884
Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, /go?rid=202 in which a specially crafted HTTP request may reconfigure the device.
π@cveNotify
Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, /go?rid=202 in which a specially crafted HTTP request may reconfigure the device.
π@cveNotify
π¨ CVE-2020-24285
INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx.
π@cveNotify
INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx.
π@cveNotify
GitHub
CVE/telefone_ip_tip200.md at main Β· SecLoop/CVE
Contribute to SecLoop/CVE development by creating an account on GitHub.
π¨ CVE-2021-25681
AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 are considered End of Life and as such this issue will not be patched.
π@cveNotify
AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 are considered End of Life and as such this issue will not be patched.
π@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
π¨ CVE-2021-28860
In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS).
π@cveNotify
In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS).
π@cveNotify
GitHub
fix: dont pollute object proto #1 Β· adaltas/node-mixme@cfd5fbf
A library for recursive merging of Javascript objects - fix: dont pollute object proto #1 Β· adaltas/node-mixme@cfd5fbf