Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-23858: Multiple vulnerabilities in Rexroth IndraMotion and IndraLogic series

Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another unprotected web server resource.

CVE

Related news

CVE-2020-10052

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as usernames and passwords in log files. A local attacker with access to the log files could use this information to launch further attacks.

CVE-2020-10053

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attacks.

CVE-2021-41371: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

*What type of information could be disclosed by this vulnerability?* The type of information that could be disclosed if an attacker successfully exploited this vulnerability is read access to Windows RDP client passwords by RDP server administrators.

CVE-2021-41373: FSLogix Information Disclosure Vulnerability

*What data can be disclosed by this vulnerability?* This vulnerability allows disclosing user data redirected to the profile or Office container via FSLogix Cloud cache. This data can include user profile settings and files.

CVE-2021-38631: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

*What type of information could be disclosed by this vulnerability?* The type of information that could be disclosed if an attacker successfully exploited this vulnerability is read access to Windows RDP client passwords by RDP server administrators.

CVE-2021-41019: PSIRT Advisories | FortiGuard

An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials.

CVE-2021-26739: There is a sqli vulnerability in pay.php,No admin user login required · Issue #5 · millken/doyocms

SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows attackers to execute arbitrary code, via the attribute parameter.

CVE-2021-33259

Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history.

CVE-2021-41675: 0dayHunt/E-Negosyo-Authenticated-RCE.py at main · janikwehrli1/0dayHunt

A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E-Negosyo System 1.0 in /admin/produts/controller.php via the doInsert function, which validates images with getImageSizei. .

CVE-2021-25742: [Security Advisory] CVE-2021-25742: Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.

CVE-2021-25968: Open Source Vulnerability Database | WhiteSource

In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. These scripts are executed in a victim’s browser when they open the page containing the vulnerable field.

CVE-2021-37933: CVE-2021-37933

An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow an unauthenticated, remote user to modify the logic of an LDAP query and bypass authentication. The vulnerability is due to insufficient server-side validation of the email parameter before using it to construct LDAP queries. An attacker could bypass authentication exploiting this vulnerability by sending login attempts in which there is a valid password but a wildcard character in email parameter.

CVE-2021-20806: JVN#52694228: Multiple vulnerabilities in Cybozu Remote Service

Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVE-2021-40500

SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can enable the attacker to retrieve arbitrary files from the server.

CVE-2021-40884: Insecure Direct Object Reference in Files function · Issue #992 · projectsend/projectsend

Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user with uploader role can download and edit all files of users in application.

CVE-2021-41568: TWCERT/CC台灣電腦網路危機處理暨協調中心-Tad Web - Improper Authorization

Tad Web is vulnerable to authorization bypass, thus remote attackers can exploit the vulnerability to use the original function of viewing bulletin boards and uploading files in the system.

CVE-2021-41920: webTareas 2.4 - Multiple Vulnerabilities

webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain access to the webTareas application.

CVE-2021-3833: Automatic update & upgrade system - Integria IMS

Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.

CVE-2021-34772: Cisco Orbital Open Redirect Vulnerability

A vulnerability in the web-based management interface of Cisco Orbital could allow an unauthenticated, remote attacker to redirect users to a malicious webpage. This vulnerability is due to improper validation of URL paths in the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a crafted URL. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability, known as an open redirect attack, is used in phishing attacks to persuade users to visit malicious sites.

CVE-2021-39433: BIQSDRIVE

A local file inclusion (LFI) vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user.

CVE-2021-23855: Multiple vulnerabilities in Rexroth IndraMotion and IndraLogic series

The user and password data base is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using rainbow tables.

CVE-2021-25964: WhiteSource Vulnerability Database

In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be triggered.

CVE-2021-24016: PSIRT Advisories | FortiGuard

An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host.

CVE-2021-41729: Bug Report: Multiple Arbitrary File Deletion vulnerabilities · Issue #3 · meiko-S/BaiCloud-cms

BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerability, which allows an attacker to delete arbitrary files on the server through /user/ppsave.php.

CVE-2021-37104: Security Advisory - Server-Side Request Forgery Vulnerability in Huawei Product

There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). This vulnerability is due to insufficient validation of parameters while dealing with some messages. A successful exploit could allow the attacker to gain access to certain resource which the attacker are supposed not to do.

CVE-2020-20693: There is a CSRF vulnerability that can add an administrator account · Issue #51 · GilaCMS/gila

A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts.

FatPipe Networks WARP 10.2.2 Authorization Bypass

Improper access control occurs when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.

CVE-2021-21742: Security Bulletin Details

There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages.

CVE-2021-21742: Security Bulletin Details

There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages.

CVE-2020-20514: There is a CSRF vulnerability that can del the administrator account · Issue #76 · magicblack/maccms10

A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users.

CVE-2021-33044: Security Advisory - Identity authentication bypass vulnerability found in some Dahua products

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

CVE-2021-33045: Security Advisory - Identity authentication bypass vulnerability found in some Dahua products

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

CVE-2021-40965: TinyFileManager Vulnerabilities

A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker.

CVE-2020-20671: There is CSRF and Arbitrary file upload vulnerability getshell · Issue #3 · Kitesky/KiteCMS

A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account.

CVE-2020-20672: There is CSRF and Arbitrary file upload vulnerability getshell · Issue #3 · Kitesky/KiteCMS

An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to getshell via a crafted PHP file.

CVE-2021-38331: writer.php in wp-t-wap/tags/1.13.3/wap – WordPress Plugin Repository

The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the posted parameter found in the ~/wap/writer.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.13.2.

CVE-2021-38347: edit.php in simple-custom-website-data/tags/2.2/views – WordPress Plugin Repository

The Custom Website Data WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the ~/views/edit.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2.

ECOA Building Automation System Authorization Bypass / IDOR

The BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access the hidden resources in the system and execute privileged functionalities.

CVE-2021-36621: Offensive Security’s Exploit Database Archive

Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successful dumping the admin password hash, an attacker can decrypt and obtain the plain-text password. Hence, the attacker could authenticate as Administrator.

CVE-2020-8169: HackerOne

curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).

CVE-2019-14886: 1771354 – (CVE-2019-14886) CVE-2019-14886 Business-central: Encrypted password shown under Object id 7 of errai_security_context

A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lead to user passwords being exposed.

CVE-2019-15623: HackerOne

Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.

CVE-2019-5448: notes/Yarn-vuln.md at master · ChALkeR/notes

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network.

CVE-2018-13982: - bugfix regarding Security Vulnerability did not solve the problem … · smarty-php/smarty@f9ca3c6

Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.

CVE-2016-10045: Offensive Security’s Exploit Database Archive

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907