405 matches found
Design/Logic Flaw
NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...
Code injection
NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...
CVE-2021-26752
NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...
CVE-2021-26753
NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...
CVE-2021-3176
The chat window of the Mitel BusinessCTI Enterprise MBC-E Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code, due to improper input validation of http links. A successful exploit could allow an attacker to view...
Input validation
The chat window of the Mitel BusinessCTI Enterprise MBC-E Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code, due to improper input validation of http links. A successful exploit could allow an attacker to view...
Cross site scripting
Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store throug...
CVE-2021-3176
The chat window of the Mitel BusinessCTI Enterprise MBC-E Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code, due to improper input validation of http links. A successful exploit could allow an attacker to view...
CVE-2020-27154
The chat window of Mitel BusinessCTI Enterprise MBC-E Client for Windows before 6.4.11 and 7.x before 7.0.3 could allow an attacker to gain access to user information by sending arbitrary code, due to improper input validation. A successful exploit could allow an attacker to view the user...
Input validation
The chat window of Mitel BusinessCTI Enterprise MBC-E Client for Windows before 6.4.11 and 7.x before 7.0.3 could allow an attacker to gain access to user information by sending arbitrary code, due to improper input validation. A successful exploit could allow an attacker to view the user...
CVE-2020-26816
SAP AS JAVA Key Storage Service, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, stores the key material held in the SAP NetWeaver AS Java Key Storage service in the database in DER-encoded format, unencrypted. This enables an attacker who has administrator access ...
Mail.ru: Exposed Git Repo at https://mini-app.delivery-club.ru
Leaking sensitive application data in configuration files at mini-app.delivery-club.ru...
nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state
A protocol downgrade flaw was found in Network Security Services (NSS). After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data...
Directory traversal
Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. The directory path access check of the internal flash file system can be circumvented. This flash file system can store application-specific data and data needed for custom...
DEBIAN-CVE-2020-24585
An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application...
CVE-2020-24585
Overview: An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application. Remediation: Upgrade wolfssl to version 4.5.0 or higher...
nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state
A protocol downgrade flaw was found in Network Security Services (NSS). After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data...
CVE-2020-7577
A vulnerability has been identified in Camstar Enterprise Platform All versions, Opcenter Execution Core All versions V8.2. Through the use of several vulnerable fields of the application, an authenticated user could perform an SQL Injection attack by passing a modified SQL query downstream to th...
Sql injection
A vulnerability has been identified in Camstar Enterprise Platform All versions, Opcenter Execution Core All versions V8.2. Through the use of several vulnerable fields of the application, an authenticated user could perform an SQL Injection attack by passing a modified SQL query downstream to th...
Apache Tomcat Code Problem Vulnerability
Apache Tomcat is a lightweight web application server from the Apache Software Foundation (United States). It implements support for Servlet and JavaServer Pages (JSP). A security vulnerability exists in Apache Tomcat. An attacker could exploit the vulnerability to access or modify...