
CVE-2020-25911: Vul_disclose/XXE_modxcms.md at main · dahua966/Vul_disclose

An XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component of MODX CMS 2.7.3. It can lead to information disclosure or denial of service (DoS).
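The two outcomes named in the advisory (reading a local file through an external entity, and exhausting the parser with nested entity expansion) both require the client to declare a DTD. The snippet below is an added illustration, not MODX code and not the disclosed payload: it shows the fail-closed check a REST endpoint can apply before handing a body to an XML parser, with constructed sample documents. The helper names (`parse_untrusted_xml`, `classify`) and the sample payloads are assumptions for the example; nothing here is taken from the vulnerable component.

```python
import re
import xml.etree.ElementTree as ET


class XxeRejected(ValueError):
    """Raised when an untrusted document tries to declare a DTD or entity."""


def _prolog_text(data: bytes) -> str:
    # A byte-level regex would miss UTF-16 input ("<\x00!\x00D\x00..."),
    # so decode according to the byte-order mark before scanning.
    for bom, enc in ((b"\xff\xfe", "utf-16-le"),
                     (b"\xfe\xff", "utf-16-be"),
                     (b"\xef\xbb\xbf", "utf-8-sig")):
        if data.startswith(bom):
            return data.decode(enc, errors="replace")
    return data.decode("utf-8", errors="replace")


_DTD_RE = re.compile(r"<!(DOCTYPE|ENTITY)", re.IGNORECASE)


def parse_untrusted_xml(data: bytes, max_bytes: int = 1 << 20) -> ET.Element:
    """Parse XML from an untrusted client, refusing anything that declares a DTD.

    Both XXE outcomes need a DTD: an external entity (SYSTEM "file:///...")
    for information disclosure, and nested internal entities (a "billion
    laughs" bomb) for denial of service. Rejecting the DOCTYPE outright is
    simpler and safer than trying to configure entity resolution per parser.
    """
    if len(data) > max_bytes:
        raise XxeRejected(f"document larger than {max_bytes} bytes")
    if _DTD_RE.search(_prolog_text(data)):
        raise XxeRejected("DTD or entity declarations are not accepted")
    return ET.fromstring(data)


# Constructed sample requests (hypothetical; not from MODX or the advisory).
BENIGN = b'<?xml version="1.0"?><request><action>list</action></request>'

XXE_FILE_READ = (b'<?xml version="1.0"?>'
                 b'<!DOCTYPE request [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
                 b'<request><action>&xxe;</action></request>')

BILLION_LAUGHS = (b'<?xml version="1.0"?><!DOCTYPE lolz ['
                  b'<!ENTITY lol "lol">'
                  b'<!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">'
                  b'<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">'
                  b']><lolz>&lol3;</lolz>')

# Same file-read payload re-encoded as BOM-prefixed UTF-16, to show the
# encoding trick that defeats a naive byte search for "<!DOCTYPE".
UTF16_XXE = XXE_FILE_READ.decode().encode("utf-16")


def classify(data: bytes) -> str:
    """Return 'ok' or 'rejected' so callers (and tests) can see the decision."""
    try:
        parse_untrusted_xml(data)
        return "ok"
    except XxeRejected:
        return "rejected"


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("file read", XXE_FILE_READ),
                       ("billion laughs", BILLION_LAUGHS), ("utf-16", UTF16_XXE)):
        print(f"{label:15s} -> {classify(doc)}")
```

The size cap is a separate guard: it bounds memory even for documents that use no entities at all. A document that announces `encoding="utf-16"` in its declaration without a BOM would not be decoded as UTF-16 here, so in production the check belongs at the parser layer (disable DTD loading in the parser itself) with this pre-scan as defence in depth.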


Related news

CVE-2020-24000: There is SQL injection in your source code · Issue #13 · eyoucms/eyoucms

A SQL injection vulnerability in eyoucms v1.4.7 allows attackers to execute arbitrary code and disclose sensitive information via the tid parameter of index.php.

CVE-2021-25874

AVideo/YouPHPTube 10.0 and prior is affected by SQL injection in the catName parameter, which allows a remote unauthenticated attacker to retrieve database information such as application password hashes.

CVE-2021-41746: SQL injection · Issue #1 · purple-WL/Yonyou-TurboCRM-SQL-injection

A SQL injection vulnerability exists in all versions of Yonyou TurboCRM via the orgcode parameter in changepswd.php. Attackers can use it to obtain sensitive database information.

CVE-2021-41675: 0dayHunt/E-Negosyo-Authenticated-RCE.py at main · janikwehrli1/0dayHunt

A Remote Code Execution (RCE) vulnerability exists in Sourcecodester E-Negosyo System 1.0 in /admin/produts/controller.php via the doInsert function, which validates uploaded images with getimagesize().

CVE-2021-42334: TWCERT/CC (Taiwan Computer Emergency Response Team / Coordination Center) - 驊鉅數位科技 Easytest online learning and testing platform - SQL Injection-2

Easytest contains SQL injection vulnerabilities. After obtaining a user's privileges, a remote attacker can inject SQL commands into the parameters of the elective course management page to read the entire database and obtain administrator permissions.

CVE-2021-42333: TWCERT/CC (Taiwan Computer Emergency Response Team / Coordination Center) - 驊鉅數位科技 Easytest online learning and testing platform - SQL Injection-1

Easytest contains SQL injection vulnerabilities. After obtaining a user's privileges, a remote attacker can inject SQL commands into the parameters of the learning history page to read the entire database and obtain administrator permissions.
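The eyoucms (tid), AVideo (catName), TurboCRM (orgcode) and Easytest items above all describe the same defect: a request parameter pasted into SQL text. The block below is an added example, not code from any of those projects, showing the two common shapes (a quoted string parameter and an unquoted numeric one) against a constructed SQLite schema, and how a UNION through the string parameter pulls password hashes out of a different table, which is the outcome the AVideo description names. Table and column names, the sample rows and the function names are assumptions for the illustration.

```python
import hashlib
import sqlite3
from typing import List, Tuple

# Constructed credentials (hypothetical); only the hashes are stored.
ADMIN_HASH = hashlib.sha256(b"constructed-admin-secret").hexdigest()
ALICE_HASH = hashlib.sha256(b"constructed-alice-secret").hexdigest()


def build_db() -> sqlite3.Connection:
    """In-memory database with a public table and a sensitive one."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(f"""
        CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
        CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT NOT NULL,
                            password TEXT NOT NULL);
        INSERT INTO categories VALUES (1, 'music'), (2, 'sports');
        INSERT INTO users VALUES (1, 'admin', '{ADMIN_HASH}'),
                                 (2, 'alice', '{ALICE_HASH}');
    """)
    return conn


# --- string parameter (catName / orgcode style) ---------------------------

def category_by_name_vulnerable(conn: sqlite3.Connection, cat_name: str) -> List[Tuple]:
    # The value is interpolated into the SQL text: a quote ends the literal
    # and whatever follows is executed as SQL.
    sql = "SELECT id, name FROM categories WHERE name = '%s'" % cat_name
    return conn.execute(sql).fetchall()


def category_by_name_safe(conn: sqlite3.Connection, cat_name: str) -> List[Tuple]:
    # Bound parameter: the driver sends the value out of band, so it can
    # never change the statement's structure.
    return conn.execute(
        "SELECT id, name FROM categories WHERE name = ?", (cat_name,)
    ).fetchall()


# Constructed payload: closes the string, UNIONs the users table, comments
# out the dangling quote.
NAME_PAYLOAD = "' UNION SELECT user, password FROM users --"


# --- numeric parameter (tid style) ----------------------------------------

def category_by_tid_vulnerable(conn: sqlite3.Connection, tid: str) -> List[Tuple]:
    # Unquoted numeric context: no quote is needed to break out at all.
    return conn.execute("SELECT id, name FROM categories WHERE id = " + tid).fetchall()


def category_by_tid_safe(conn: sqlite3.Connection, tid: str) -> List[Tuple]:
    # Validate the type first (int() raises ValueError on "1 OR 1=1"),
    # then bind it.
    return conn.execute(
        "SELECT id, name FROM categories WHERE id = ?", (int(tid),)
    ).fetchall()


TID_PAYLOAD = "1 OR 1=1"


if __name__ == "__main__":
    db = build_db()
    print("vulnerable catName:", category_by_name_vulnerable(db, NAME_PAYLOAD))
    print("safe catName:      ", category_by_name_safe(db, NAME_PAYLOAD))
    print("vulnerable tid:    ", category_by_tid_vulnerable(db, TID_PAYLOAD))
```

The safe variants do not try to filter quotes or keywords; they keep data and SQL on separate channels, which is why the same payload simply matches no category. Type validation on the numeric parameter matters because a placeholder alone would still accept a string, and a loosely typed comparison is where unexpected behaviour creeps back in.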

CVE-2021-20833: JVN#10168753: SNKRDUNK Market Place App for iOS vulnerable to improper server certificate verification

The SNKRDUNK Market Place App for iOS versions prior to 2.2.0 does not verify the server certificate properly, which allows a man-in-the-middle attacker to eavesdrop on and/or alter encrypted communication via a crafted certificate.

CVE-2021-36175: PSIRT Advisories | FortiGuard

An improper neutralization of input vulnerability [CWE-79] in FortiWebManager versions 6.2.3 and below and 6.0.2 and below may allow a remote authenticated attacker to inject malicious script or tags via the name, description and comments parameters of various sections of the device.

CVE-2021-24017: FortiGuard

An improper authentication vulnerability in Fortinet FortiManager versions 6.4.3 and below and 6.2.6 and below allows an attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler.

CVE-2019-14820: 1649870 – (CVE-2019-14820) CVE-2019-14820 keycloak: adapter endpoints are exposed via arbitrary URLs

It was found that Keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially crafted URL. This vulnerability could allow an attacker to access unauthorized information.
