Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-40651: Offensive Security’s Exploit Database Archive

OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server’s filesystem as long as the application has access to the file.

CVE

Related news

CVE-2021-42275: Microsoft COM for Windows Remote Code Execution Vulnerability

*How could an attacker exploit this vulnerability?* An authorized attacker could exploit this Windows COM vulnerability by sending from a user mode application specially crafted malicious COM traffic directed at the COM Server, which might lead to remote code execution.

CVE-2021-42057: Arbitrary Code Execution via JavaScript Queries (CVE-2021-42057) · Issue #615 · blacksmithgu/obsidian-dataview

Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The evalInContext function in executes user input, which allows an attacker to craft malicious Markdown files that will execute arbitrary code once opened. NOTE: 0.4.13 provides a mitigation for some use cases.

CVE-2020-23052

Catalyst IT Ltd Mahara CMS v19.10.2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component groupfiles.php via the Number (Nombre) and Description (Descripción) parameters.

CVE-2020-23040

Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands.

CVE-2021-42840: History for modules/exploits/linux/http/suitecrm_log_file_rce.rb - rapid7/metasploit-framework

SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blocked. NOTE: this issue exists because of an incomplete fix for CVE-2020-28328.

CVE-2021-20807: 不具合情報公開サイト

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9 allows a remote attacker to inject an arbitrary script via unspecified vectors.

CVE-2021-20802: 不具合情報公開サイト

HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to alter the information stored in the product.

CVE-2021-20803: 不具合情報公開サイト

Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to alter the data of the management screen.

CVE-2021-20798: 不具合情報公開サイト

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

CVE-2021-20799: 不具合情報公開サイト

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

CVE-2021-20796: 不具合情報公開サイト

Directory traversal vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to upload an arbitrary file via unspecified vectors.

CVE-2021-20804: 不具合情報公開サイト

Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to cause a denial of service (DoS) condition via unspecified vectors.

CVE-2021-20800: 不具合情報公開サイト

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

CVE-2021-20797: JVN#52694228: Multiple vulnerabilities in Cybozu Remote Service

Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. This issue occurs only when using Mozilla Firefox.

CVE-2021-20805: 不具合情報公開サイト

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.7 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

CVE-2021-20795: 不具合情報公開サイト

Cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to hijack the authentication of administrators and unintended operations may be performed via unspecified vectors.

CVE-2021-41564: TWCERT/CC台灣電腦網路危機處理暨協調中心-Tad Honor - Improper Authorization

Tad Honor viewing book list function is vulnerable to authorization bypass, thus remote attackers can use special parameters to delete articles arbitrarily without logging in.

CVE-2021-41975: TWCERT/CC台灣電腦網路危機處理暨協調中心-Tad TadTools - Improper Authorization

TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the specific parameter to delete arbitrary files in the system without logging in.

CVE-2021-41976: TWCERT/CC台灣電腦網路危機處理暨協調中心-Tad Uploader - Improper Authorization

Tad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folder names in the book list without logging in.

CVE-2021-3312: Releases · alkacon/opencms-core

An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document.

CVE-2020-21648: file deletion vulnerability · Issue #9 · shadoweb/wdja

WDJA CMS v1.5.2 contains an arbitrary file deletion vulnerability in the component admin/cache/manage.php.

CVE-2021-39351: wpBannerizeAdmin.php in wp-bannerize/trunk/Classes – WordPress Plugin Repository

The WP Bannerize WordPress plugin is vulnerable to authenticated SQL injection via the id parameter found in the ~/Classes/wpBannerizeAdmin.php file which allows attackers to exfiltrate sensitive information from vulnerable sites. This issue affects versions 2.0.0 - 4.0.2.

CVE-2021-39889: HackerOne

In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch.

CVE-2021-40927: [Security] XSS in callback.php · Issue #137 · citelao/Spotify-for-Alfred

Cross-site scripting (XSS) vulnerability in callback.php in Spotify-for-Alfred 0.13.9 and below allows remote attackers to inject arbitrary web script or HTML via the error parameter.

CVE-2021-41467: [Security] XSS in application/controllers/dropbox.php · Issue #106 · hjue/JustWriting

Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter.

CVE-2021-40928: [Security] XSS in index.php of Phlex and FlexTV · Issue #37 · d8ahazard/FlexTV

Cross-site scripting (XSS) vulnerability in index.php in FlexTV beta development version allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF parameter.

CVE-2021-40968: [Security] six XSS in templates/installer/step-004.inc.php · Issue #711 · spotweb/spotweb

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter.

CVE-2021-40970: [Security] six XSS in templates/installer/step-004.inc.php · Issue #711 · spotweb/spotweb

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter.

CVE-2021-40969: [Security] six XSS in templates/installer/step-004.inc.php · Issue #711 · spotweb/spotweb

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter.

CVE-2021-40971: [Security] six XSS in templates/installer/step-004.inc.php · Issue #711 · spotweb/spotweb

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter.

CVE-2021-40973: [Security] six XSS in templates/installer/step-004.inc.php · Issue #711 · spotweb/spotweb

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter.

CVE-2021-40972: [Security] six XSS in templates/installer/step-004.inc.php · Issue #711 · spotweb/spotweb

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter.

CVE-2021-40923: GitHub - pixeline/bugs: Simple Issue Tracking for Teams. Built in Laravel 3 (php/mysql)

Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the email parameter.

CVE-2021-40922: GitHub - pixeline/bugs: Simple Issue Tracking for Teams. Built in Laravel 3 (php/mysql)

Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the last_name parameter.

CVE-2021-40924: GitHub - pixeline/bugs: Simple Issue Tracking for Teams. Built in Laravel 3 (php/mysql)

Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the first_name parameter.

CVE-2021-41323: Release Hotfix for 2.2 · pydio/cells

Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells files belonging to any user, via the format parameter.

CVE-2021-41764: Streama-Exploit.html

A cross-site request forgery (CSRF) vulnerability exists in Streama up to and including v1.10.3. The application does not have CSRF checks in place when performing actions such as uploading local files. As a result, attackers could make a logged-in administrator upload arbitrary local files via a CSRF attack and send them to the attacker.

CVE-2021-35027: Zyxel security advisory for directory traversal and command injection vulnerabilities of VPN2S Firewall | Zyxel

A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information.

CVE-2021-39239: Pony Mail!

A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.

CVE-2021-37909: TWCERT/CC台灣電腦網路危機處理暨協調中心-全景 TSSServiSignAdapter Windows版 - Improper Input Validation

WriteRegistry function in TSSServiSign component does not filter and verify users’ input, remote attackers can rewrite to the registry without permissions thus perform hijack attacks to execute arbitrary code.

CVE-2021-40964: TinyFileManager Vulnerabilities

A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the "fullpath" parameter containing path traversal strings (../ and ..\) in order to escape the server's intended working directory and write malicious files onto any directory on the computer.

CVE-2021-40965: TinyFileManager Vulnerabilities

A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker.

CVE-2021-38347: edit.php in simple-custom-website-data/tags/2.2/views – WordPress Plugin Repository

The Custom Website Data WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the ~/views/edit.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2.

CVE-2021-38331: writer.php in wp-t-wap/tags/1.13.3/wap – WordPress Plugin Repository

The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the posted parameter found in the ~/wap/writer.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.13.2.

CVE-2021-35061: security/CVE-2021-35061.md at main · sthierolf/security

Multiple cross-site scripting (XSS) vulnerabilities in DRK Odenwaldkreis Testerfassung March-2021 allow remote attackers to inject arbitrary web script or HTML via all parameters to HTML form fields in all components.

CVE-2021-32535: TWCERT/CC台灣電腦網路危機處理暨協調中心-QSAN SANOS - Use of Hard-coded Credentials

The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0.

CVE-2021-3517: 1954232 – (CVE-2021-3517) CVE-2021-3517 libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

CVE-2020-10727: Login server redirect

A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use this flaw to read the contents of the Artemis shadow file.

CVE-2019-7619: Elastic Stack 7.4.0 security update

Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm.

CVE-2019-9530: VU#719689 - Multiple vulnerabilities found in the Cobham EXPLORER 710 satcom terminal

The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory.

CVE-2019-3816: 1667070 – (CVE-2019-3816) CVE-2019-3816 openwsman: Disclosure of arbitrary files outside of the registered URIs

Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.

CVE-2018-19277: XXE Injection - Security scan bypass · Issue #771 · PHPOffice/PhpSpreadsheet

securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file

CVE-2011-1943: oss-security - Re: CVE request: NetworkManager-openvpn logs cert password

The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907