Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-33259

Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users’ DNS query history.

CVE
#web

Related news

CVE-2021-41019: PSIRT Advisories | FortiGuard

An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials.

CVE-2021-26739: There is a sqli vulnerability in pay.php,No admin user login required · Issue #5 · millken/doyocms

SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows attackers to execute arbitrary code, via the attribute parameter.

CVE-2020-26707: Remote Code Execution(RCE) via insecure command formatting · Issue #2 · shenzhim/aaptjs

An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to execute arbitrary code via the filePath parameter.

CVE-2020-36377: Remote Code Execution(RCE) via insecure command formatting · Issue #2 · shenzhim/aaptjs

An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.

CVE-2020-36379: Remote Code Execution(RCE) via insecure command formatting · Issue #2 · shenzhim/aaptjs

An issue was discovered in the remove function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.

CVE-2020-36380: Remote Code Execution(RCE) via insecure command formatting · Issue #2 · shenzhim/aaptjs

An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.

CVE-2020-36376: Remote Code Execution(RCE) via insecure command formatting · Issue #2 · shenzhim/aaptjs

An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.

CVE-2020-36378: Remote Code Execution(RCE) via insecure command formatting · Issue #2 · shenzhim/aaptjs

An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.

CVE-2020-36381: Remote Code Execution(RCE) via insecure command formatting · Issue #2 · shenzhim/aaptjs

An issue was discovered in the singleCrunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.

CVE-2021-41675: 0dayHunt/E-Negosyo-Authenticated-RCE.py at main · janikwehrli1/0dayHunt

A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E-Negosyo System 1.0 in /admin/produts/controller.php via the doInsert function, which validates images with getImageSizei. .

CVE-2021-25742: [Security Advisory] CVE-2021-25742: Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.

CVE-2021-36547: Remote Code Execution via File in Mara version 7.5 · Issue #1 · r0ck3t1973/RCE

A remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file.

CVE-2021-26610: KrCERT/CC - KISA 인터넷 보호나라&KrCERT

The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when user upload file. This vulnerability allows an attacker to execute an remote arbitrary code.

CVE-2021-37933: CVE-2021-37933

An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow an unauthenticated, remote user to modify the logic of an LDAP query and bypass authentication. The vulnerability is due to insufficient server-side validation of the email parameter before using it to construct LDAP queries. An attacker could bypass authentication exploiting this vulnerability by sending login attempts in which there is a valid password but a wildcard character in email parameter.

CVE-2021-41920: webTareas 2.4 - Multiple Vulnerabilities

webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain access to the webTareas application.

CVE-2021-41568: TWCERT/CC台灣電腦網路危機處理暨協調中心-Tad Web - Improper Authorization

Tad Web is vulnerable to authorization bypass, thus remote attackers can exploit the vulnerability to use the original function of viewing bulletin boards and uploading files in the system.

CVE-2021-23858: Multiple vulnerabilities in Rexroth IndraMotion and IndraLogic series

Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another unprotected web server resource.

FatPipe Networks WARP 10.2.2 Authorization Bypass

Improper access control occurs when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.

CVE-2021-40965: TinyFileManager Vulnerabilities

A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker.

CVE-2021-38347: edit.php in simple-custom-website-data/tags/2.2/views – WordPress Plugin Repository

The Custom Website Data WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the ~/views/edit.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2.

CVE-2021-38331: writer.php in wp-t-wap/tags/1.13.3/wap – WordPress Plugin Repository

The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the posted parameter found in the ~/wap/writer.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.13.2.

ECOA Building Automation System Authorization Bypass / IDOR

The BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access the hidden resources in the system and execute privileged functionalities.

CVE-2020-7832: KrCERT/CC - KISA 인터넷 보호나라&KrCERT

A vulnerability (improper input validation) in the DEXT5 Upload solution allows an unauthenticated attacker to download and execute an arbitrary file via AddUploadFile, SetSelectItem, DoOpenFile function.(CVE-2020-7832)

CVE-2020-8169: HackerOne

curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).

CVE-2019-15623: HackerOne

Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.

CVE-2018-13982: - bugfix regarding Security Vulnerability did not solve the problem … · smarty-php/smarty@f9ca3c6

Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.

CVE-2016-10045: Offensive Security’s Exploit Database Archive

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907