2734 matches found
CVE-2021-41316
Design/Logic Flaw
The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker with permissions to add or edit jobs run by this utility can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector...
Boost Note injection vulnerability
Boost Note is an open source, developer-friendly workspace with an IDE-like UX that focuses on information management and searchability. A security vulnerability exists in Boost Note versions prior to 0.22.0 that stems from a lack of effective filtering and validation ...
Evolution CMS 3.1.6 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Evolution CMS 3.1.6 - Remote Code Execution (RCE) (Authenticated)
Date: 15-09-2021
Exploit Author: Halit AKAYDIN (hLtAkydn)
Vendor Homepage: https://evo.im/
Software Link: https://github.com/evolution-cms/evolution/releases
Version: 3.1.6
Category: Webapps
Tested on: Linux/Windows
Exampl...
playSMS code injection vulnerability
playSMS is an open source SMS (Short Message Service) management application by Anton Raharja, an individual developer in Indonesia. A security vulnerability exists in playSMS versions prior to 1.4.5 that stems from allowing PHP code to be entered via the tabs message page of coremainconfig. This...
The OpenVPN Connect vulnerability lies in how the software loads system libraries. It allows an attacker to execute arbitrary code with the same privileges as the main OpenVPN process.
The OpenVPN Connect vulnerability is related to deficiencies in the mechanism for loading system libraries. Exploiting it allows an attacker to execute arbitrary code with the same privileges as the main OpenVPN process by supplying an OpenSSL configuration fil...
A vulnerability in the PHP-Fusion CMS script administration/settings_main.php allows attackers to perform cross-site scripting attacks.
The vulnerability in the PHP-Fusion CMS script administration/settings_main.php stems from a lack of output encoding that would protect the structure of rendered web pages. Exploiting it allows a malicious actor to perform cross-site scripting attacks remotely...
CVE-2021-37389
CVE-2021-37389 affects Chamilo 1.11.14. The vulnerability is a stored XSS in the installer scripts main/install/index.php and main/install/ajax.php via the port parameter. The linked references consistently describe this CVE as a stored XSS issue in Chamilo LMS and do not provide exploitation det...
CVE-2021-34629
The SendGrid WordPress plugin is vulnerable to authorization bypass via the get_ajax_statistics function found in the /lib/class-sendgrid-statistics.php file, which allows authenticated users to export statistics for a WordPress multi-site main site, in versions up to and including 1.11.8...
GHSA-W4WQ-RVMQ-77X7 Cross-site scripting in anchorme
All versions of package anchorme are vulnerable to Cross-site Scripting XSS via the main functionality...
Command injection
All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization...
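The Device42 entry above (an extra argument injected into an Nmap job) and the gitlogplus entry (option attributes appended to a command string) are the two common shapes of the same mistake. The following is an added, constructed example, not code from Device42, gitlogplus or nmap: it shows a shell-string build that allows command injection, an argv build that still allows argument injection because an attacker-controlled token beginning with "-" is parsed as an option, and hardened variants that allow-list target tokens and bind each option value to its flag as one argv element. The scanner flags, the output path /tmp/scan.xml and the git option names are assumptions for illustration.

```python
"""Constructed example: command vs. argument injection in job runners.

Not Device42's, gitlogplus's or nmap's code. Paths, flags and option
names are illustrative assumptions; nothing here executes a scanner.
"""
import re
import subprocess

# Characters a POSIX shell would interpret if a job value reached a shell string.
SHELL_META = re.compile(r"[;&|`$()<>\n]")

# Positive allow-list for scan targets: hostname, IPv4/IPv6, CIDR, or range.
# A hyphen is allowed inside a token (10.0.0.1-20, my-host) but never as the
# first character, since that is what turns a "target" into an option.
TARGET_TOKEN = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.\-/:]*$")


def shell_cmd_vulnerable(targets: str) -> str:
    # Interpolating job input into a shell string: ";" or "$( )" in the job
    # runs extra commands with the privileges of the scan process.
    return f"nmap -sS -oX /tmp/scan.xml {targets}"


def argv_vulnerable(targets: str) -> list[str]:
    # An argv list (no shell) defeats shell metacharacters, but whitespace-
    # splitting user input still lets a token such as "-oN <path>" be parsed
    # by a getopt-style parser as an output-file option, i.e. a file write.
    return ["nmap", "-sS", "-oX", "/tmp/scan.xml", *targets.split()]


def argv_hardened(targets: str) -> list[str]:
    # Validate every token against the allow-list and refuse anything that
    # looks like an option before it reaches the scanner's argv.
    argv = ["nmap", "-sS", "-oX", "/tmp/scan.xml"]
    for tok in targets.split():
        if tok.startswith("-") or not TARGET_TOKEN.fullmatch(tok):
            raise ValueError(f"rejected scan target {tok!r}")
        argv.append(tok)
    return argv


def options_after_prefix(argv: list[str], fixed_prefix_len: int) -> list[str]:
    # Tokens after the application's fixed prefix that a getopt-style parser
    # would treat as options although the application meant them as targets.
    return [a for a in argv[fixed_prefix_len:] if a.startswith("-")]


def git_log_cmd_vulnerable(opts: dict[str, str]) -> str:
    # gitlogplus-style pattern: option attributes pasted into a shell string.
    return "git log " + " ".join(f"--{k}={v}" for k, v in opts.items())


def git_log_argv_hardened(opts: dict[str, str]) -> list[str]:
    # Keys are allow-listed (assumed set) and each "--key=value" is ONE argv
    # element, so a value can neither start a shell command nor become a
    # separate git option; a trailing "--" stops values from being read as
    # pathspecs or revisions by any later positional parsing.
    allowed = {"author", "since", "until", "grep"}
    argv = ["git", "log"]
    for k, v in opts.items():
        if k not in allowed:
            raise ValueError(f"unknown git log option {k!r}")
        if "\0" in v or "\n" in v:
            raise ValueError(f"control character in value for {k!r}")
        argv.append(f"--{k}={v}")
    argv.append("--")
    return argv


def run(argv: list[str]) -> subprocess.CompletedProcess:
    # Spawn without a shell; never shell=True for anything carrying job input.
    return subprocess.run(argv, check=True, capture_output=True, text=True)


if __name__ == "__main__":
    job = "10.0.0.1 -oN /etc/cron.d/job"  # constructed malicious job input
    print(shell_cmd_vulnerable("10.0.0.1; id"))
    print(options_after_prefix(argv_vulnerable(job), 4))  # ['-oN']
    try:
        argv_hardened(job)
    except ValueError as e:
        print("blocked:", e)
    print(git_log_argv_hardened({"author": "bob; rm -rf /"}))
```

The check that matters in review is the second one: moving from a shell string to an argv list closes command injection but not argument injection, which is exactly the Device42 case (the attacker needs no shell metacharacters, only a token the scanner parses as an output-file flag). Allow-listing target syntax and binding values to their flag with `--key=value` are the two fixes that hold up.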
Know where your project stands with the new project overview!
In late April, I introduced the new project experience for SonarCloud, which has already been adopted by a lot of you. Today, we’re adding a brand new project overview page! We can’t wait for you to try it! Let’s discover what’s inside in this blog. Your project status & activity all in one place...
br.com.damsete.arq:damsete-arq (>=0.0.9 <=0.0.12), br.com.damsete.arq:damsete-arq-audit (>=0.0.9 <=0.0.12) +481 more potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-core (>=5.2.0.RELEASE <=5.2.10.RELEASE)
org.springframework.security:spring-security-core (Maven) =5.2.0.RELEASE; dependents pinned at =0.0.9 (8 packages), =2.0.2 (5 packages), =2.0.3; com.c4-soft.springaddons:spring-security-oauth2-addons =1.0.0 -...
CVE-2020-23179
A stored cross-site scripting (XSS) vulnerability in administration/settings_main.php of PHP-Fusion 9.03.50 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Site footer" field...
PHP-Fusion cross-site scripting vulnerability
PHP-Fusion is a lightweight open source content management system. A stored cross-site scripting vulnerability exists in administration/settings_main.php in PHP-Fusion, which can be exploited to execute arbitrary web script or HTML via the "Site footer" field...