1850 matches found

CVE
added 2022/01/21 6:17 p.m. | 49 views

CVE-2021-23195

CVE-2021-23195 affects Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) 2.0.1.3. The issue is exposure of information through directory listing: if directory listing is enabled and no index file exists, a web server may return entire directory contents in HTML, enabling an attacker to...

5.3 CVSS | 5.7 AI score | 0.00845 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Veracode
added 2022/01/20 1:46 p.m. | 36 views

Remote Code Execution

h2 is vulnerable to remote code execution. The vulnerability exists due to a lack of secure input validation in DatabaseMetaLocal.java, allowing remote authenticated attackers to execute arbitrary code in the server...

9.8 CVSS | 7.6 AI score | 0.64766 EPSS
Exploits: 4 | References: 13 | Affected Software: 26

Veracode
added 2022/01/19 1:35 p.m. | 13 views

Unrestricted File Upload

pimcore/pimcore allows unrestricted file uploads. The vulnerability exists due to a lack of sanitization of the file type during upload allowing local authenticated attackers to execute malicious scripts on the server...

7.8 CVSS | 4.7 AI score | 0.01115 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2022/01/19 1:15 p.m. | 10 views

CVE-2021-46104

An issue was discovered in webpservergo 0.4.0. There is a directory traversal vulnerability that can read arbitrary file information on the server...

7.5 CVSS | 0.04231 EPSS
Exploits: 1 | References: 1

OSV
added 2022/01/19 12:15 p.m. | 19 views

CVE-2022-21372

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

2.7 CVSS | 5.1 AI score
Exploits: 0 | References: 2

Prion
added 2022/01/19 12:15 p.m. | 30 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Federated. Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4 CVSS | 4.8 AI score | 0.01856 EPSS
Exploits: 0 | References: 4 | Affected Software: 2

UbuntuCve
added 2022/01/19 12:15 p.m. | 23 views

CVE-2022-21358

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...

6.5 CVSS | 6.7 AI score | 0.01042 EPSS
Exploits: 0 | References: 3

CVE
added 2022/01/19 11:25 a.m. | 325 views

CVE-2022-21352

CVE-2022-21352 affects Oracle MySQL Server (InnoDB) with impacted versions 8.0.26 and prior. The vulnerability is described as allowing a high-privilege attacker with network access via multiple protocols to compromise MySQL Server, potentially leading to unauthorized creation, deletion, or modif...

5.9 CVSS | 5.5 AI score | 0.01302 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

WPVulnDB
added 2022/01/06 12:0 a.m. | 14 views

RVM - Responsive Vector Maps < 6.4.2 - Subscriber+ Arbitrary File Read

The plugin does not have proper authorisation, CSRF checks and validation of the rvmuploadregionsfilepath parameter in the rvmimportregions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server PoC As a subscriber, open...

6.5 CVSS | 1.5 AI score | 0.03005 EPSS
Exploits: 2 | Affected Software: 1

CVE
added 2021/12/20 12:0 a.m. | 7128 views

CVE-2021-44790

CVE-2021-44790 affects Apache HTTP Server up to version 2.4.51. It describes a buffer overflow in the mod_lua multipart parser (triggered via r:parsebody() from Lua scripts). Connected documents corroborate this in various advisories and patch notes, indicating releases with fixes (e.g., patched ...

9.8 CVSS | 9.9 AI score | 0.97108 EPSS
Exploits: 4 | References: 20 | Affected Software: 1

Github Security Blog
added 2021/12/15 10:54 p.m. | 32 views

PHP file inclusion in the Sulu admin panel

Impact What kind of vulnerability is it? Who is impacted? An attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. Compromised components: Arbitrary file read on the server, Potential Remote code execution Exploitation...

8.8 CVSS | 5.2 AI score | 0.01981 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

The Hacker News
added 2021/12/08 10:55 a.m. | 20 views

[eBook] Guide to Achieving 24x7 Threat Monitoring and Response for Lean IT Security Teams

If there is one thing the past few years have taught the world, it’s that cybercrime never sleeps. For organizations of any size and scope, having around-the-clock protection for their endpoints, networks, and servers is no longer optional, but it’s also not entirely feasible for many. Attackers...

7.2 AI score
Exploits: 0

Prion
added 2021/11/17 4:15 p.m. | 17 views

Path traversal

Adobe Campaign version 21.2.1 and earlier is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. By leveraging an exposed XML file, an unauthenticated attacker can enumerate other files on the server...

5 CVSS | 7.4 AI score | 0.03604 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2021/11/09 12:15 p.m. | 16 views

Authentication flaw

A vulnerability has been identified in OpenPCS 7 V8.2 All versions, OpenPCS 7 V9.0 All versions V9.0 Upd4, OpenPCS 7 V9.1 All versions, SIMATIC BATCH V8.2 All versions, SIMATIC BATCH V9.0 All versions, SIMATIC BATCH V9.1 All versions, SIMATIC NET PC Software V14 All versions, SIMATIC NET PC...

5 CVSS | 7.8 AI score | 0.01137 EPSS
Exploits: 0 | References: 1 | Affected Software: 5

AlmaLinux
added 2021/11/09 8:24 a.m. | 31 views

Moderate: dnsmasq security and bug fix update

The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server. Security Fixes: dnsmasq: fixed outgoing port used when --server is used with an interface name CVE-2021-3448 For more details about the security issues,...

4.3 CVSS | 5.3 AI score | 0.01988 EPSS
Exploits: 1 | References: 1

GithubExploit
added 2021/11/03 9:34 p.m. | 388 views

Exploit for Forced Browsing in Engineers_Online_Portal_Project Engineers_Online_Portal

CVE-2021-42671 CVE-2021-42671 - Broken access control vulnerab...

7.5 CVSS | 8.8 AI score | 0.19676 EPSS
Exploits: 3

GithubExploit
added 2021/11/03 5:51 p.m. | 507 views

Exploit for Cross-site Scripting in Online_Event_Booking_And_Reservation_System_Project Online_Event_Booking_And_Reservation_System

CVE-2021-42662 CVE-2021-42662 - Stored Cross-Site Scripting vu...

5.4 CVSS | 5.5 AI score | 0.01647 EPSS
Exploits: 5

CVE
added 2021/10/29 7:11 p.m. | 40 views

CVE-2020-25873

CVE-2020-25873 is a directory traversal vulnerability in Baijiacms V4 affecting the file system access through the component at system/manager/class/web/database.php. The issue arises from how the application handles the id parameter, enabling an attacker to arbitrarily delete folders on the serv...

6.5 CVSS | 6.4 AI score | 0.01133 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Tenable Nessus
added 2021/10/26 12:0 a.m. | 36 views

Ubuntu 16.04 ESM : MySQL vulnerabilities (USN-5123-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5123-2 advisory. USN-5123-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the precedin...

5.5 CVSS | 7.3 AI score | 0.02497 EPSS
Exploits: 0 | References: 3

CVE
added 2021/10/22 11:22 a.m. | 52 views

CVE-2021-38475

CVE-2021-38475 affects AUVESY Versiondog. The vulnerability arises from a database connection to the server via a specific API, potentially allowing an unprivileged user to gain SYSDBA permissions. NVD lists CVSSv3 base score 7.3 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N). CISA/ICS references describe...

9 CVSS | 8 AI score | 0.00861 EPSS
Exploits: 0 | References: 1 | Affected Software: 1