3009 matches found
MTN Group: Remote code injection in Log4j on http://mtn1app.mtncameroon.net - CVE-2021-44228
CVE-2021-44228, a remote code injection flaw in Log4j, was discovered on the website http://mtn1app.mtncameroon.net. The vulnerability was confirmed to be present on ports 8080 and 8443 of the website. The issue was demonstrated by retrieving the hostname of the affected...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4j-CVE-2021-44228 Log4j Remote Cod...
openhab -- log4j remote code injection
Openhab reports: Any openHAB instance that is publicly available or which consumes untrusted content from remote servers is potentially a target of this attack...
CVE-2021-20039
CVE-2021-20039 is an authenticated command-injection vulnerability in SonicWall SMA100 management interface (/cgi-bin/viewcert) that affects SMA 200/210/400/410/500v appliances. The issue arises from improper neutralization of special elements in a POST request, enabling a remote authenticated at...
Cross site scripting
A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via dashboard actions...
CVE-2021-38681
A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security pat...
CVE-2021-38681 Reflected XSS Vulnerability in Ragic Cloud DB
A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security pat...
CVE-2021-43551
CVE-2021-43551 affects OSIsoft PI Vision. A remote attacker with write access can inject code into a display (cross‑site scripting), potentially causing information disclosure, modification, or deletion when a victim loads/interacts with the infected display in Internet Explorer. PI Vision prior ...
CVE-2021-41269 Unauthenticated remote code injection in cron-utils
cron-utils is a Java library to define, parse, validate, migrate crons as well as get human readable descriptions for them. In affected versions, a template injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code...
CVE-2021-34357
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QmailAgent. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 2021/08/25 and...
CVE-2021-34357
CVE-2021-34357 describes a cross-site scripting (XSS) vulnerability affecting QNAP devices running QmailAgent. The issue allows remote attackers to inject malicious code via the affected QmailAgent component, with exploitation potentially leading to user impact on affected pages. The vulnerabilit...
The vulnerability of the Encode.pm module in the Perl programming language allows attackers to inject arbitrary code and gain elevated privileges.
The vulnerability of the Encode.pm module in the Perl programming language is related to incorrect handling of the search path. Exploiting this vulnerability allows a remote attacker to inject arbitrary code and gain increased privileges...
CVE-2021-43281
MyBB before 1.8.29 allows Remote Code Injection by an admin with the "Can manage settings?" permission. The Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type "php" with PHP code, executed o...
Code injection
MyBB before 1.8.29 allows Remote Code Injection by an admin with the "Can manage settings?" permission. The Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type "php" with PHP code, executed o...
CVE-2021-43281
MyBB prior to 1.8.29 is vulnerable to Remote Code Injection via the Admin CP Settings module. The issue arises because the Settings management code does not validate setting types on insert/update, allowing an admin with the "Can manage settings?" permission to inject PHP code through a setting of ...
CVE-2021-43281
MyBB before 1.8.29 allows Remote Code Injection by an admin with the "Can manage settings?" permission. The Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type "php" with PHP code, executed o...
CVE-2021-20807
The CVE-2021-20807 issue is a cross-site scripting vulnerability in the Cybozu Remote Service management screen (versions 3.0.0–3.1.9). The underlying flaw enables an attacker to inject arbitrary scripts via unspecified vectors, potentially affecting users authenticated to the product and execute...
Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2020-5258)
Summary: There is a vulnerability in IBM WebSphere Application Server, used by IBM ESS, which could allow a remote attacker to inject arbitrary code in the system. Vulnerability Details: CVEID: CVE-2020-5258. DESCRIPTION: Dojo dojo could allow a remote attacker to inject arbitrary code on the system...
CVE-2021-40926
Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter...
CVE-2021-34355
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 5.4.10...