S12700, S1700,s3700,s5700,s6700,s7700, S9700, Ecns210 Td Security Vulnerabilities

CVE-2021-3275

Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through the improper...

TP-Link Cross Site Scripting

...

TP-Link Devices - (setDefaultHostname) Stored Cross-site Scripting Vulnerability

Multiple TP-Link devices suffer from an unauthenticated persistent cross site scripting vulnerability. Affected models include TD-W9977, TL-WA801ND, TL-WA801N, TL-WR802N, and...

All Thrive Themes and Plugins - Unauthenticated Option Update

The plugins and themes register a REST API endpoint associated with Zapier functionality. While this endpoint was intended to require an API key in order to access, it was possible to access it by supplying an empty api_key parameter in vulnerable versions if Zapier was not enabled. Attackers...

All Thrive Themes and Plugins - Unauthenticated Option Update

The plugins and themes register a REST API endpoint associated with Zapier functionality. While this endpoint was intended to require an API key in order to access, it was possible to access it by supplying an empty api_key parameter in vulnerable versions if Zapier was not enabled. Attackers...

CVE-2021-22321

There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include.....

CVE-2021-22321

There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include.....

Design/Logic Flaw

There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include.....

CVE-2021-22321

There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include.....

SOYAL Biometric Access Control System 5.0 Master Code Disclosure

...

SOYAL Biometric Access Control System 5.0 - Master Code Disclosure Vulnerability

...

SOYAL Biometric Access Control System 5.0 - Master Code Disclosure

...

Rockwell Automation Logix Controllers (Update A)

EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers Vulnerability: Insufficiently Protected Credentials 2. UPDATE INFORMATION This updated advisory is a...

SOYAL Biometric Access Control System 5.0 Master Code Disclosure

Title: SOYAL Biometric Access Control System 5.0 Master Code Disclosure Advisory ID: ZSL-2021-5630 Type: Local/Remote Impact: Exposure of System Information, Exposure of Sensitive Information Risk: (3/5) Release Date: 18.03.2021 Summary Soyal Access systems are built into Raytel Door Entry...

Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2021-1667)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2021-1632)

The remote host is missing an update for the Huawei...

EulerOS Virtualization 2.9.0 : qemu (EulerOS-SA-2021-1667)

According to the versions of the qemu packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the...

EulerOS Virtualization 2.9.1 : qemu (EulerOS-SA-2021-1632)

According to the versions of the qemu packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the...

EulerOS Virtualization 3.0.6.6 : qemu (EulerOS-SA-2021-1455)

According to the versions of the qemu packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an...

Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2021-1455)

The remote host is missing an update for the Huawei...

Local Services Search Engine Management System 1.0 Cross Site Scripting

...

HP / HPE Systems Insight Manager (SIM) Detection (HTTP)

HTTP based detection of HP / HPE Systems Insight Manager...

Local Services Search Engine Management System (LSSMES) 1.0 - (name) XSS Vulnerability

...

Local Services Search Engine Management System (LSSMES) 1.0 - 'name' Persistent Cross-Site Scripting (XSS)

...

Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion

Starting in mid-December 2020, malicious actors that Mandiant tracks as UNC2546 exploited multiple zero-day vulnerabilities in Accellion’s legacy File Transfer Appliance (FTA) to install a newly discovered web shell named DEWMODE. The motivation of UNC2546 was not immediately apparent, but...

Cisco AnyConnect Posture (HostScan) Security Service Multiple Vulnerabilities

Advisory Information Title: Cisco AnyConnect Posture (HostScan) Security Service Multiple Vulnerabilities Advisory ID: CORE-2021-0001 Advisory URL: https://www.coresecurity.com/core-labs/advisories/cisco-anyconnect-posture-hostscan-security-service-local-privilege-escalation Date published:...

Security Advisory - Use After Free Vulnerability in Huawei Product

There is a use-after-free vulnerability in Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. (Vulnerability ID:...

qemu security update

[15:4.2.1-4.el7] - Document CVE-2020-25723 as fixed (Mark Kanda) [Orabug: 32222397] {CVE-2020-25084} {CVE-2020-25723} - hw/net/e1000e: advance desc_offset in case of null descriptor (Prasad J Pandit) [Orabug: 32217517] {CVE-2020-28916} - i386: Add 2nd Generation AMD EPYC processors (Moger,...

Unibox 2.4 CSRF / Remote Code Execution

...

CVE-2021-22300

There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other...

Oracle Linux 7 : qemu (ELSA-2021-9034)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9034 advisory. An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB...

EulerOS 2.0 SP9 : qemu (EulerOS-SA-2021-1256)

According to the versions of the qemu package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro...

Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2021-1275)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2021-1256)

The remote host is missing an update for the Huawei...

Cisco Unified Communications Products Vulnerabilities (cisco-sa-imp-trav-inj-dM687ZD6)

According to its self-reported version, a SQL injection (SQLi) vulnerability exists in the web-based management interface of Cisco Unified CM and Cisco Unified CM SME due to improper validation of user-submitted parameters. An authenticated, remote attacker with administrative credentials can...

EulerOS 2.0 SP9 : qemu (EulerOS-SA-2021-1275)

According to the versions of the qemu package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro...

Cisco Unified Communications Products Vulnerabilities (cisco-sa-imp-trav-inj-dM687ZD6)

According to its self-reported version, multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that.....

Automattic: Non-changing "_idnonce" value leads to CSRF on accounts at https://intensedebate.com for account takeover

Summary: The "_idnonce" value on https://intensedebate.com protects victims from CSRF attacks. However, this value is not changing with changed user ids of same account (_idnonce value is same in request from user id 'X' and user id 'Y' when 'X' is changed to 'Y'). It leads to CSRF on victim's...

phpGACL template multiple cross-site scripting vulnerabilities

Summary Multiple cross-site scripting vulnerabilities exist in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability. Tested Versions phpGACL 3.3.7 OpenEMR...

Cisco Unified CommunicationsManager Information Disclosure (cisco-sa-cucm-logging-6QSWKRYz)

An information disclosure vulnerability exists in Cisco Unified Communications Manager due to the storage of unencrypted credentials. An authenticated, remote attacker can exploit this, by accessing the audit logs of the system, to disclose sensitive information. Note that Nessus has not tested...

Huawei Data Communication: Out of Bounds Read Vulnerability in Several Products (huawei-sa-20200122-09-eudemon)

There is an out-of-bounds read vulnerability in several...

CVE-2020-1866

There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include:NIP6800 versions...

CVE-2020-1866

There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include:NIP6800 versions...

Cross site scripting

There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include:NIP6800 versions...

CVE-2020-1866

There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include:NIP6800 versions...

High-Severity Cisco Flaw Found in CMX Software For Retailers

A high-severity flaw in Cisco’s smart Wi-Fi solution for retailers could allow a remote attacker to alter the password of any account user on affected systems. The vulnerability is part of a number of patches issued by Cisco addressing 67 high-severity CVEs on Wednesday. This included flaws found.....

Exploit for SQL Injection in Apache Skywalking

Apache...

Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission Vulnerability

...

Fluentd TD-agent 4.0.1 Insecure Folder Permission

...

Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission

...