1850 matches found
CVE-2021-35624
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
Apache Tomcat Resource Management Error Vulnerability
Apache Tomcat is a lightweight Web application server from the Apache Foundation USA. The program implements support for Servlet and JavaServer Page (JSP). A security vulnerability exists in Apache Tomcat, which stems from a web system or product that does not properly validate data boundaries when...
Improper Access Control in agentejo/cockpit
Description: A local file inclusion vulnerability allows attackers to bypass the need for API Keys when querying private custom API endpoints. Proof of Concept: 1. On the server create a custom API endpoint in /var/www/html/config/api/custom.php as follows: param'test'; if !$test return...
October CMS auth bypass and account takeover
Impact: An attacker can exploit this vulnerability to bypass authentication using a specially crafted persist cookie. - To exploit this vulnerability, an attacker must obtain Laravel’s secret key for cookie encryption and signing. - Due to the logic of how this mechanism works, a targeted user...
Account Takeover in Octobercms
Impact: An attacker can request an account password reset and then gain access to the account using a specially crafted request. - To exploit this vulnerability, an attacker must know the username of an administrator and have access to the password reset form. Patches: - Issue has been patched in...
GHSA-9JXW-CFRH-JXQ6 Cachet vulnerable to new line injection during configuration edition
Impact: Authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server. Patches: This issue was addressed by improving UpdateConfigCommandHandler and preventi...
Path traversal
The AceIDE WordPress plugin through 2.6.2 does not sanitise or validate the user input which is appended to system paths before using it in various actions, such as to read arbitrary files from the server. This allows high privilege users such as administrator to access any file on the web server...
in cortezaproject/corteza-server
Description: Hi team, I found an Unrestricted File Upload on https://latest.cortezaproject.org/ which let me upload anything. File extensions such as .html, .svg and others should not be executed on the server side. Proof of Concept: Step to Reproduce 1- Go to the Employees tab and choose an...
CVE-2020-25565
In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server...
CVE-2021-22234
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 before 13.12.8, and all versions starting from 14.0 before 14.0.4. A specially crafted design image allowed attackers to read arbitrary files on the server...
CVE-2021-34574 Password policy evasion in products of MB connect line and Helmholz
In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is sent to t...
Code injection
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
CVE-2021-32743
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for extern...
Unspecified Vulnerability in Nextcloud (CNVD-2021-51814)
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server versions prior to 19.0.13, 20.0.11, and 21.0.3, which stems from the audit logging feature failing to log...
SQL Injection Vulnerability in NetGuard Network Audit System of Beijing NetGuard Nebula Information Technology Co.
Netnifty Network Security Audit System is a compliance management system for fine-grained auditing of users' operational behavior on core IT assets and servers within the network in a business environment. A SQL injection vulnerability exists in the Netnifty Network Audit System of Beijing Netnif...
OPENSUSE-SU-2021:0930-1 Security update for freeradius-server
This update for freeradius-server fixes the following issues: - Fixed plaintext password entries in logfiles (bsc#1184016). This update was imported from the SUSE:SLE-15-SP2:Update update project...
MGASA-2021-0272 Updated guacd packages fix security vulnerabilities
Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain...
GHSA-WPH3-44RJ-92PR elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE
Impact: We recently fixed several vulnerabilities affecting elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with the minimal configuration. Patches: The issues were addressed in our last release,...
Authentication flaw
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal...
Volkswagen Vendor Exposed Data of 3.3m Drivers
One of Volkswagen’s vendors left one of its systems open for nearly two years, exposing the personal data of 3.3 million customers – nearly all of them owners or wannabe owners of the automaker’s luxury brand of Audis – Volkswagen America said last week. The breach took place between August 2019...