1931 matches found
Clear-text insertion of user's passwords into log files
...
CVE-2021-24208 WP Page Builder < 1.2.4 - Multiple Stored Cross-Site Scripting (XSS)
The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” and “Custom HTML” widgets, though the Custom HTML widget requires sending a crafted request - it appears that this...
CVE-2021-29933
The CVE concerns the Rust crate insert_many (pre-2021-01-26). Affected behavior arises when resizing a vector used to insert items: the implementation moved items with ptr::copy, then iterated the provided Iterator; if the iterator’s next() panics, the elements may be dropped twice, causing doubl...
Moodle 3.10.3 Cross Site Scripting
Exploit Title: Moodle 3.10.3 - 'label' Persistent Cross Site Scripting Date: 25.03.2021 Author: Vincent666 ibn Winnie Software Link: https://moodle.org/ Tested on: Windows 10 Web Browser: Mozilla Firefox Google Dorks: inurl:/lib/editor/atto/plugins/managefiles/ or calendar/view.php?view=month...
CVE-2021-28823
The Windows Installation component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating...
CVE-2021-28822
The Enterprise Message Service Server tibemsd, Enterprise Message Service Central Administration tibemsca, Enterprise Message Service JSON configuration generator tibemsconf2json, and Enterprise Message Service C API components of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO...
CVE-2021-28820
The FTL Server tibftlserver, FTL C API, FTL Golang API, FTL Java API, and FTL .Net API components of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contain a vulnerability that theoretically allows a low privileged attacker...
CVE-2021-28818
The Rendezvous Routing Daemon rvrd, Rendezvous Secure Routing Daemon rvrsd, Rendezvous Secure Daemon rvsd, Rendezvous Cache rvcache, Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition...
Tibco TIBCO Enterprise Message Service Code Issue Vulnerability
Tibco TIBCO Enterprise Message Service is an enterprise messaging middleware from Tibco, USA. It is based on the standard Java™ Message Service (JMS) agent, which allows any JMS-enabled application, whether native or third-party, to exchange messages quickly and easily. A security vulnerability...
TIBCO Software TIBCO Rendezvous Developer Edition Security Vulnerability
TIBCO Software Rendezvous Routing Daemon is an application component from TIBCO Software, Inc. The component is used for TIBCO. A security vulnerability exists in TIBCO Software Rendezvous Routing Daemon that can be exploited by an attacker to insert malware...
Tibco Software TIBCO Software FTL Security Vulnerability
Tibco Software TIBCO Software FTL is an application-to-application messaging system from TIBCO Software USA. A security vulnerability exists in TIBCO Software FTL, which can be exploited by an attacker to insert malicious software...
Tibco Software TIBCO Software FTL Security Vulnerability
Tibco Software TIBCO Software FTL is an application-to-application messaging system from TIBCO Software USA. A security vulnerability exists in TIBCO Software FTL, which can be exploited by a low-privileged attacker to insert malware...
CVE-2021-28029
An issue was discovered in the toodee crate before 0.3.0 for Rust. The row-insertion feature allows attackers to read the contents of uninitialized memory locations...
CVE-2021-28028
An issue was discovered in the toodee crate before 0.3.0 for Rust. Row insertion can cause a double free upon an iterator panic...
Memory corruption
An issue was discovered in the toodee crate before 0.3.0 for Rust. The row-insertion feature allows attackers to read the contents of uninitialized memory locations...
CVE-2021-26566
Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic...
CVE-2021-26566
CVE-2021-26566 affects Synology DiskStation Manager (DSM) via the synorelayd component, where a vulnerability prior to DSM 6.2.3-25426-3 allows a remote attacker to induce insertion of sensitive information into outbound data through inbound QuickConnect traffic, enabling a man‑in‑the‑middle to e...
Remote code execution
Depending on the configuration of various package managers, it is possible for an attacker to insert a malicious package into a package manager's repository, which can then be retrieved and used during development, build, and release processes. This insertion could lead to remote code execution. We believe...