Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-33816: Security Advisory 2106-01 - Trovent Security GmbH

The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.

CVE
#web

Related news

CVE-2021-41772: [security] Go 1.17.3 and Go 1.16.10 are released

Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.

CVE-2021-41566: TWCERT/CC台灣電腦網路危機處理暨協調中心-Tad TadTools - Arbitrary File Upload

The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in.

CVE-2021-39404: GitHub - mari0x00/MaianAffiliate-Code-execution-and-XSS

MaianAffiliate v1.0 allows an authenticated administrative user to save an XSS to the database.

CVE-2021-32265: A global-buffer-overflow in Ap4ByteStream.cpp:783:5 · Issue #545 · axiomatic-systems/Bento4

An issue was discovered in Bento4 through v1.6.0-637. A global-buffer-overflow exists in the function AP4_MemoryByteStream::WritePartial() located in Ap4ByteStream.cpp. It allows an attacker to cause code execution or information disclosure.

CVE-2021-40373: GitHub - maikroservice/CVE-2021-40373: CVE-2021-40373 - remote code execution

playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.

CVE-2020-24986: HackerOne

Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907