6 matches found
Vulnerability fixed in Commvault Command Center
Commvault has fixed a vulnerability in Command Center. The vulnerability can be exploited by an unauthenticated remote malicious party to execute arbitrary code. This requires sending a specially crafted HTTP request to the vulnerable application containing a reference to a rogue zip file. The...
Vulnerabilities fixed in IBM Cognos Analytics
IBM has fixed vulnerabilities in Cognos Analytics. A malicious party could exploit the vulnerabilities to perform a Server-Side Request Forgery attack in order to collect system information without prior authorization. Also, a malicious party could potentially execu...
Vulnerabilities fixed in Splunk
Splunk has fixed vulnerabilities in Splunk Enterprise and Universal Forwarder. A malicious party could potentially exploit them to cause a denial-of-service, bypass security measures or gain access to system data. The most serious vulnerability involves causing a denial-of-service. For this...
Race condition
The Tatsu WordPress plugin before 3.3.12 addcustomfont action can be used without prior authentication to upload a rogue zip file which is uncompressed under WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control...
CVE-2021-25094 Tatsu < 3.3.12 - Unauthenticated RCE
The Tatsu WordPress plugin before 3.3.12 addcustomfont action can be used without prior authentication to upload a rogue zip file which is uncompressed under WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control...
PT-2021-7096 · WordPress · Tatsu Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Tatsu WordPress plugin versions prior to 3.3.12 Description: The issue is related to the add custom font action in the Tatsu WordPress plugin, which can be used without prior authentication to upload a rogue zip file. This file is uncompresse...