Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-20805: 不具合情報公開サイト

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.7 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

CVE

Related news

CVE-2020-25368

A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login.

CVE-2020-25367

A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.

CVE-2021-41022: PSIRT Advisories | FortiGuard

A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts

CVE-2020-23054

A cross-site scripting (XSS) vulnerability in NSK User Agent String Switcher Service v0.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the user agent input field.

CVE-2020-23040

Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands.

CVE-2021-20796: 不具合情報公開サイト

Directory traversal vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to upload an arbitrary file via unspecified vectors.

CVE-2021-20802: 不具合情報公開サイト

HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to alter the information stored in the product.

CVE-2021-20807: 不具合情報公開サイト

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9 allows a remote attacker to inject an arbitrary script via unspecified vectors.

CVE-2021-20803: 不具合情報公開サイト

Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to alter the data of the management screen.

CVE-2021-20801: 不具合情報公開サイト

Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML External Entity (XXE) attacks and obtain the information stored in the product via unspecified vectors. This issue occurs only when using Mozilla Firefox.

CVE-2021-20800: 不具合情報公開サイト

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

CVE-2021-20798: 不具合情報公開サイト

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

CVE-2021-20799: 不具合情報公開サイト

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

CVE-2021-20795: 不具合情報公開サイト

Cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to hijack the authentication of administrators and unintended operations may be performed via unspecified vectors.

CVE-2021-20804: 不具合情報公開サイト

Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to cause a denial of service (DoS) condition via unspecified vectors.

CVE-2021-20797: JVN#52694228: Multiple vulnerabilities in Cybozu Remote Service

Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. This issue occurs only when using Mozilla Firefox.

CVE-2020-15941: FortiGuard

A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages.

CVE-2020-15941: PSIRT Advisories | FortiGuard

A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages.

CVE-2021-40651: Offensive Security’s Exploit Database Archive

OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.

CVE-2021-35027: Zyxel security advisory for directory traversal and command injection vulnerabilities of VPN2S Firewall | Zyxel

A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information.

CVE-2021-40964: TinyFileManager Vulnerabilities

A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the "fullpath" parameter containing path traversal strings (../ and ..\) in order to escape the server's intended working directory and write malicious files onto any directory on the computer.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907