
17 matches found

RedhatCVE
added 2025/05/22 10:45 p.m., 3 views

CVE-2022-36721

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Textbook parameter at /admin/modify.php...

8.8 CVSS, 8.3 AI score, 0.00325 EPSS
Exploits: 1, References: 1

Circl
added 2023/10/10 10:26 p.m., 0 views

CVE-2023-36721

creationtimestamp | type | source
---|---|---
2023-10-10 22:26:55+00:00 | seen | https://t.me/cibsecurity/72036...

7 CVSS, 7.4 AI score, 0.00086 EPSS
Exploits: 0, References: 1

NVD
added 2023/10/10 6:15 p.m., 16 views

CVE-2023-36721

Windows Error Reporting Service Elevation of Privilege Vulnerability...

7 CVSS, 8.1 AI score, 0.00086 EPSS
Exploits: 0, References: 1

Cvelist
added 2023/10/10 5:7 p.m., 25 views

CVE-2023-36721 Windows Error Reporting Service Elevation of Privilege Vulnerability

...

7 CVSS, 8.4 AI score, 0.00086 EPSS
Exploits: 0, References: 1

CVE
added 2023/10/10 5:7 p.m., 372 views

CVE-2023-36721

CVE-2023-36721 is a Windows Elevation of Privilege vulnerability affecting the Windows Error Reporting Service. The CVSS vector is Local, with High impact on confidentiality, integrity, and availability; exploitation requires Low privileges and no user interaction, with high attack complexity. Public r...

7 CVSS, 8.1 AI score, 0.00086 EPSS
Exploits: 0, References: 1, Affected Software: 7

NVD
added 2023/06/07 2:15 a.m., 11 views

CVE-2020-36721

The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the 'activelloactivateplugin' and 'activellodeactivateplugin' functions in the 'inc/welcome-screen/class-activello-welcome.php' file missing...

6.5 CVSS, 6.5 AI score, 0.00178 EPSS
Exploits: 1, References: 5

OSV
added 2023/06/07 2:15 a.m., 2 views

CVE-2020-36721

The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the 'activelloactivateplugin' and 'activellodeactivateplugin' functions in the 'inc/welcome-screen/class-activello-welcome.php' file missing...

6.5 CVSS, 5.9 AI score, 0.00178 EPSS
Exploits: 1, References: 5

CVE
added 2023/06/07 1:51 a.m., 58 views

CVE-2020-36721

CVE-2020-36721 affects WordPress themes Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X

6.5 CVSS, 6.5 AI score, 0.00178 EPSS
Exploits: 1, References: 5, Affected Software: 15

Vulnrichment
added 2023/06/07 1:51 a.m., 15 views

CVE-2020-36721 Epsilon Framework Themes (Various Versions) - Unauthenticated Plugin Activation/Deactivation

The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the 'activelloactivateplugin' and 'activellodeactivateplugin' functions in the 'inc/welcome-screen/class-activello-welcome.php' file missing...

6.5 CVSS, 6.8 AI score, 0.00178 EPSS
Exploits: 1, References: 5

Patchstack
added 2023/06/07 12:0 a.m., 11 views

WordPress Brilliance Theme <= 1.2.7 is vulnerable to Broken Access Control

Software: Brilliance; Type: Theme; Vulnerable versions: <= 1.2.7; Fixed in: 1.3.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2020-36721; Patch priority: High; CVSS severity: High 6.5; PSID: a0bd7d64b1bd; Credits: Jerome Bruandet - NinTechNet...

6.5 CVSS, 6.4 AI score, 0.00178 EPSS
Exploits: 1, References: 2, Affected Software: 1

Patchstack
added 2023/06/07 12:0 a.m., 11 views

WordPress Newspaper X Theme <= 1.3.1 is vulnerable to Broken Access Control

Software: Newspaper X; Type: Theme; Vulnerable versions: <= 1.3.1; Fixed in: 1.3.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2020-36721; Patch priority: High; CVSS severity: High 6.5; PSID: 364d88cff362; Credits: Jerome Bruandet - NinTechNet...

6.5 CVSS, 6.4 AI score, 0.00178 EPSS
Exploits: 1, References: 3, Affected Software: 1

Patchstack
added 2023/06/07 12:0 a.m., 12 views

WordPress Activello Theme <= 1.4.0 is vulnerable to Broken Access Control

Software: Activello; Type: Theme; Vulnerable versions: <= 1.4.0; Fixed in: 1.4.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2020-36721; Patch priority: High; CVSS severity: High 6.5; PSID: 121a85ec7375; Credits: Jerome Bruandet - NinTechNet...

6.5 CVSS, 6.4 AI score, 0.00178 EPSS
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2022/08/25 9:55 p.m., 54 views

CVE-2022-36721

CVE-2022-36721 affects Library Management System v1.0. It is a SQL injection vulnerability in the Textbook parameter handled at /admin/modify.php. The CVSS‑3.1 base score is 8.8 (HIGH) with Network attack vector, Low attack complexity, Privileges Required: LOW, and impacts to Confidentiality, Int...

8.8 CVSS, 8.9 AI score, 0.00325 EPSS
Exploits: 1, References: 1, Affected Software: 1

Circl
added 2021/12/14 4:13 p.m., 1 views

CVE-2021-36721

creationtimestamp | type | source
---|---|---
2021-12-14 16:13:01+00:00 | seen | https://t.me/cibsecurity/33925...

5.3 CVSS, 5.5 AI score, 0.0015 EPSS
Exploits: 0, References: 1

OSV
added 2021/12/14 2:15 p.m., 0 views

CVE-2021-36721

Sysaid API User Enumeration - Attacker sending requests to specific api path without any authorization before 21.3.60 version could get users names from the LDAP server...

5.3 CVSS, 6.1 AI score
Exploits: 0, References: 1

Cvelist
added 2021/12/14 1:59 p.m., 9 views

CVE-2021-36721 Sysaid - Sysaid API User Enumeration

Sysaid API User Enumeration - Attacker sending requests to specific api path without any authorization before 21.3.60 version could get users names from the LDAP server...

4.4 CVSS, 5.5 AI score, 0.0015 EPSS
Exploits: 0, References: 1

CVE
added 2021/12/14 1:59 p.m., 43 views

CVE-2021-36721

SysAid IT service management product: authorization issue in the SysAid API prior to version 21.3.60. Root cause is insufficient authentication on a specific API path, allowing an attacker to retrieve usernames from an LDAP server. Affected: versions before 21.3.60. Impact: potential disclosure o...

5.3 CVSS, 4.9 AI score, 0.0015 EPSS
Exploits: 0, References: 1, Affected Software: 1