Lucene search

4506 matches found

OSV
added 2021/05/28 9:15 p.m. · 2 views

DEBIAN-CVE-2021-29507

GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interface. In versions of GENIVI DLT between 2.10.0 and 2.18.6, a configuration file containing the special characters could cause a vulnerable component to crash. All the applications which are using the configuration file could fail t...

CVSS 6.5 · AI score 6.3 · EPSS 0.00749
Exploits 0 · References 1

OSV
added 2021/05/28 9:15 p.m. · 4 views

UBUNTU-CVE-2021-29507

GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interface. In versions of GENIVI DLT between 2.10.0 and 2.18.6, a configuration file containing the special characters could cause a vulnerable component to crash. All the applications which are using the configuration file could fail t...

CVSS 6.5 · AI score 6.6 · EPSS 0.00749
Exploits 0 · References 3

CVE
added 2021/05/28 9:0 p.m. · 91 views

CVE-2021-29507

GENIVI Diagnostic Log and Trace (DLT) affects GENIVI DLT versions 2.10.0–2.18.6. The vulnerability arises when a configuration file contains special characters, causing a vulnerable component to crash and preventing applications from generating dlt logs. As documented, there was no patch at publi...

CVSS 6.5 · AI score 5.8 · EPSS 0.00749
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2021/05/11 12:0 a.m. · 2 views

PT-2021-19788 · Unknown · Express-Cart

Name of the Vulnerable Software and Affected Versions: express-cart versions 1.1.10 and earlier Description: The issue allows Reflected XSS for an admin via a user input field for product options. It is noted that exploitation would rely on an admin hacking their own website. Recommendations: For...

CVSS 4.8 · AI score 5.8 · EPSS 0.00527
Exploits 1 · References 3

Positive Technologies
added 2021/05/11 12:0 a.m. · 4 views

PT-2021-3038 · Microsoft · Windows Ssdp Service +1

Name of the Vulnerable Software and Affected Versions: Windows SSDP Service affected versions not specified Description: The issue is related to insufficient access restrictions in the Windows SSDP Service component of the Windows operating system. Exploitation of this issue may allow an attacker...

CVSS 7.8 · AI score 7.2 · EPSS 0.00524
Exploits 0 · References 7

OSV
added 2021/05/10 3:38 p.m. · 3 views

GHSA-4943-9VGG-GR5R Cross-site Scripting in quill

A vulnerability in the HTML editor of Slab Quill allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text field. No patch exists and no further releases are planned. This CVE is disputed. Researchers have claimed that...

CVSS 4.2 · AI score 6.1 · EPSS 0.01311
Exploits 1 · References 7

Positive Technologies
added 2021/04/20 12:0 a.m. · 2 views

PT-2021-16751 · Adtran · Adtran Personal Phone Manager +2

Name of the Vulnerable Software and Affected Versions: AdTran Personal Phone Manager version 10.8.1 Description: The issue allows for exfiltration of data over DNS, potentially enabling exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over...

CVSS 7.5 · AI score 7 · EPSS 0.13418
Exploits 5 · References 6

Positive Technologies
added 2021/04/20 12:0 a.m. · 2 views

PT-2021-16750 · Adtran · Adtran Personal Phone Manager +2

Name of the Vulnerable Software and Affected Versions: AdTran Personal Phone Manager versions 10.8.1 and earlier Description: The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact versions 10.8.1 and below, and...

CVSS 6.1 · AI score 6.1 · EPSS 0.03431
Exploits 5 · References 6

Positive Technologies
added 2021/04/20 12:0 a.m. · 5 views

PT-2021-11749 · Wondercms · Wondercms

Name of the Vulnerable Software and Affected Versions: WonderCMS version 3.1.3 Description: A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installe...

CVSS 9.8 · AI score 9.6 · EPSS 0.45221
Exploits 2 · References 9

Positive Technologies
added 2021/04/14 12:0 a.m. · 3 views

PT-2021-12084 · Unknown · Golang-Nanoauth

Name of the Vulnerable Software and Affected Versions: golang-nanoauth versions v0.0.0-20160722212129-ac0cc4484ad4 through v0.0.0-20200131131040-063a3fb69896 Description: The issue concerns a global bypass of authentication in the golang-nanoauth library. When the ListenAndServe function is calle...

CVSS 9.1 · AI score 9.1 · EPSS 0.00811
Exploits 0 · References 10

Positive Technologies
added 2021/03/30 12:0 a.m. · 4 views

PT-2021-4110 · Genivia +1 · Genivi Diagnostic Log/Trace +1

Name of the Vulnerable Software and Affected Versions: GENIVI Diagnostic Log and Trace (DLT) versions 2.10.0 through 2.18.6 Description: The issue is related to the incorrect handling of special characters in configuration files, which can cause a vulnerable component to crash. This can lead to...

CVSS 6.5 · AI score 6.2 · EPSS 0.00749
Exploits 0 · References 12

Positive Technologies
added 2021/03/18 12:0 a.m. · 3 views

PT-2021-17861 · Seo Panel · Seo Panel

Name of the Vulnerable Software and Affected Versions: SEO Panel version 4.8.0 Description: The issue concerns a time-based blind SQL injection vulnerability in the order col parameter of the archive.php file. This vulnerability allows an attacker to retrieve all databases. Recommendations: For S...

CVSS 7.2 · AI score 7.5 · EPSS 0.10672
Exploits 4 · References 9

Positive Technologies
added 2021/03/18 12:0 a.m. · 2 views

PT-2021-17860 · Seo Panel · Seo Panel

Name of the Vulnerable Software and Affected Versions: Seo Panel version 4.8.0 Description: A cross-site scripting (XSS) issue allows remote attackers to inject JavaScript via settings.php and the category parameter. Recommendations: For Seo Panel version 4.8.0, consider disabling access to...

CVSS 4.8 · AI score 4.8 · EPSS 0.01871
Exploits 4 · References 9

Exploit DB
added 2021/02/24 12:0 a.m. · 257 views

python jsonpickle 2.0.0 - Remote Code Execution

Exploit Title: python jsonpickle 2.0.0 - Remote Code Execution Date: 24-2-2021 Vendor Homepage: https://jsonpickle.github.io Exploit Author: Adi Malyanker, Shay Reuven Software Link: https://github.com/jsonpickle/jsonpickle Version: 2.0.0 Tested on: windows, linux Python is an open source languag...

AI score 7.4
Exploits 0

OSV
added 2021/02/09 5:15 p.m. · 3 views

CVE-2021-25140

A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to setup and configure an HPE Moonshot 1500 chassis. This...

CVSS 9.8 · AI score 5.7 · EPSS 0.12012
Exploits 0 · References 1

NCSC
added 2021/02/04 12:0 a.m. · 3 views

Vulnerability found in Adobe ColdFusion

A vulnerability has been found in Adobe ColdFusion. Due to an error in the permissions structure, a local malicious agent can place a specially prepared DLL file to execute arbitrary code under SYSTEM privileges. For more information, see the page below: https://www.kb.cert.org/vuls/id/125331 At...

CVSS 7.8 · AI score 7 · EPSS 0.00501
Exploits 0

Positive Technologies
added 2021/02/02 12:0 a.m. · 12 views

PT-2021-16511 · Belkin · Belkin Linksys Wrt160Nl

Name of the Vulnerable Software and Affected Versions: Belkin Linksys WRT160NL version 1.0.04.002 US 20130619 Description: The administration web interface on Belkin Linksys WRT160NL devices allows remote authenticated attackers to execute system commands with root privileges via shell...

CVSS 9 · AI score 7.3 · EPSS 0.04633
Exploits 1 · References 5

Positive Technologies
added 2021/01/13 12:0 a.m. · 3 views

PT-2021-1692 · Cisco · Cisco Small Business Rv130W +3

Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers affected versions not specified Description: The issue is related to multiple vulnerabilities in the web-based management interface of the affected routers. These vulnerabilities...

CVSS 9 · AI score 7.3 · EPSS 0.02371
Exploits 0 · References 4

Positive Technologies
added 2021/01/12 12:0 a.m. · 3 views

PT-2021-7592 · Cgal +1 · Cgal +1

Name of the Vulnerable Software and Affected Versions: CGAL libcgal version 5.1.1 Description: The issue is related to the Nef polygon-parsing functionality and involves an out-of-bounds read and type confusion, potentially leading to code execution. This can be triggered by a specially crafted...

CVSS 10 · AI score 9.4 · EPSS 0.03265
Exploits 42 · References 112

Positive Technologies
added 2021/01/12 12:0 a.m. · 3 views

PT-2021-7590 · Unknown +1 · Cgal Libcgal +1

Name of the Vulnerable Software and Affected Versions: CGAL libcgal version 5.1.1 Description: The issue is related to multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal. A specially crafted malformed file can lead to an out-of-bounds read and type...

CVSS 10 · AI score 9.8 · EPSS 0.03265
Exploits 42 · References 111