1179 matches found

OSV
added 2021/03/18 1:15 a.m. · 0 views

CVE-2021-20625

Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors...

CVSS 4.3 · AI score 5.8
Exploits: 0 · References: 2

SonicWall
added 2021/03/13 1:04 a.m. · 6 views

SonicWall SMA100 post-authenticated remote command injection

A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. CVE: CVE-2021-20017 Last updated: March 13, 2021, 1:04 a.m...

CVSS 7.2 · AI score 7.6 · EPSS 0.01849
Exploits: 0

OSV
added 2021/03/05 5:15 p.m. · 2 views

CVE-2020-29032

Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManager all versions prior to 9.4.621054022...

CVSS 7.2 · AI score 7.3
Exploits: 0 · References: 2

Prion
added 2021/02/11 9:15 p.m. · 26 views

Design/Logic Flaw

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to a file upload restriction bypass. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation...

CVSS 6.5 · AI score 9.1 · EPSS 0.04213
Exploits: 1 · References: 1 · Affected Software: 1

OSV
added 2021/02/04 5:15 p.m. · 1 view

CVE-2021-1346

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due t...

CVSS 7.2 · AI score 6.2 · EPSS 0.02753
Exploits: 0 · References: 1

OSV
added 2021/02/04 5:15 p.m. · 2 views

CVE-2021-1327

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due t...

CVSS 7.2 · AI score 7.4
Exploits: 0 · References: 1

Vulnrichment
added 2021/02/04 4:41 p.m. · 9 views

CVE-2021-1339 Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due t...

CVSS 7.2 · AI score 7.9 · EPSS 0.02753
Exploits: 0 · References: 1

CNNVD
added 2021/02/03 12:00 a.m. · 6 views

SolarWinds Serv-U File Server Cross-Site Scripting Vulnerability

SolarWinds Serv-U File Server is a file transfer server from SolarWinds USA. A cross-site scripting vulnerability exists in SolarWinds Serv-U File Server before 15.2.2, which stems from a web application lacking proper authentication of client data. An authenticated attacker could...

CVSS 5.4 · AI score 5.9 · EPSS 0.03789
Exploits: 2 · References: 6

OSV
added 2021/01/13 10:15 p.m. · 1 view

CVE-2021-1196

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper...

CVSS 7.2 · AI score 7.4
Exploits: 0 · References: 1

OSV
added 2021/01/13 10:15 p.m. · 3 views

CVE-2021-1186

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper...

CVSS 7.2 · AI score 7.4
Exploits: 0 · References: 1

NCSC
added 2020/11/16 12:00 a.m. · 5 views

Vulnerability fixed in Nagios XI

Nagios has fixed several vulnerabilities in Nagios XI. The vulnerabilities potentially allow a local, authenticated malicious person to launch attacks that result in the following categories of damage: Cross-Site Scripting (XSS). Remote code execution Administrator/Root privileges Increased us...

CVSS 9 · AI score 7.3 · EPSS 0.06119
Exploits: 2

CVE
added 2020/11/05 7:11 p.m. · 68 views

CVE-2020-5793

CVE-2020-5793 affects Tenable Nessus (Windows) versions 8.9.0–8.12.0 and Nessus Agent 8.0.0–8.1.0. An authenticated local attacker can copy user-supplied files to a specially crafted path in a named user directory by dropping a malicious file into a system directory. The exploit requires valid Wi...

CVSS 7.8 · AI score 7.3 · EPSS 0.00392
Exploits: 0 · References: 2 · Affected Software: 2

CNVD
added 2020/11/04 12:00 a.m. · 2 views

F5 BIG-IP Cross-Site Scripting Vulnerability (CNVD-2020-74868)

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. The F5 BIG-IP product suffers from a cross-site scripting vulnerability that originates from an authenticated attacker being...

CVSS 5.4 · AI score 7.2 · EPSS 0.00515
Exploits: 0 · References: 1

Vulnrichment
added 2020/09/24 6:02 p.m. · 8 views

CVE-2020-3396 Cisco IOS XE Software IOx Guest Shell USB SSD Namespace Protection Privilege Escalation Vulnerability

A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. The vulnerability...

CVSS 6.8 · AI score 6.4 · EPSS 0.00321
Exploits: 0 · References: 1

Vulnrichment
added 2020/09/23 12:25 a.m. · 13 views

CVE-2020-3130 Cisco Unity Connection Directory Traversal Vulnerability

A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP...

CVSS 5.9 · AI score 6.7 · EPSS 0.01788
Exploits: 0 · References: 1

Tenable Nessus
added 2020/09/04 12:00 a.m. · 23 views

Cisco FXOS Software Buffer Overflow (cisco-sa-fxos-buffer-cSdmfWUt)

According to its self-reported version, Cisco Firepower Extensible Operating System (FXOS) is affected by a software buffer overflow vulnerability due to incorrect bounds checking that are parsed from a specific file. An authenticated, local attacker with valid administrative credentials can...

CVSS 7.2 · AI score 7.5 · EPSS 0.00387
Exploits: 0 · References: 3

OSV
added 2020/09/01 2:15 p.m. · 13 views

CVE-2020-6117

SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bday parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVSS 8.8 · AI score 8
Exploits: 0 · References: 1

ATTACKERKB
added 2020/08/28 12:00 a.m. · 31 views

CVE-2020-16205

Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5. Recent assessments: gwillcox-r7 at November 25, 2020 5:11pm UTC reported: The serv...

CVSS 9 · AI score 8 · EPSS 0.60435
Exploits: 4 · References: 3

OSV
added 2020/08/26 5:15 p.m. · 2 views

CVE-2020-3521

A vulnerability in a specific REST API of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker...

CVSS 6.5 · AI score 6.6 · EPSS 0.01787
Exploits: 0 · References: 1

Positive Technologies
added 2020/08/11 12:00 a.m. · 1 view

PT-2020-3709 · Microsoft · Sharepoint Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified). Description: A cross-site-scripting (XSS) issue exists due to improper sanitization of specially crafted web requests by Microsoft SharePoint Server. An authenticated attacker could...

CVSS 5.4 · AI score 5.5 · EPSS 0.01586
Exploits: 0 · References: 6