What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-11-08 18:15:09 | CVE-2021-24801 (lien direct) | The WP Survey Plus WordPress plugin through 1.0 does not have any authorisation and CSRF checks in place in its AJAX actions, allowing any user to call them and add/edit/delete Surveys. Furthermore, due to the lack of sanitization in the Surveys' Title, this could also lead to Stored Cross-Site Scripting issues | Guideline | ||
|
2021-11-08 18:15:09 | CVE-2021-24731 (lien direct) | The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection. | Spam Guideline | ||
|
2021-11-08 18:15:09 | CVE-2021-24791 (lien direct) | The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections | Guideline | ||
|
2021-11-08 18:15:08 | CVE-2021-24575 (lien direct) | The School Management System – WPSchoolPress WordPress plugin before 2.1.10 does not properly sanitize or use prepared statements before using POST variable in SQL queries, leading to SQL injection in multiple actions available to various authenticated users, from simple subscribers/students to teachers and above. | Guideline | ||
|
2021-11-08 18:15:08 | CVE-2021-24616 (lien direct) | The AddToAny Share Buttons WordPress plugin before 1.7.48 does not escape its Image URL button setting, which could lead allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | Guideline | ||
|
2021-11-08 18:15:08 | CVE-2021-24626 (lien direct) | The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of AJAX call, remove_css, also does not sanitise or escape the css_id POST parameter before using it in a SQL statement, leading to a SQL Injection | Guideline | ★★★ | |
|
2021-11-08 18:15:08 | CVE-2021-24629 (lien direct) | The Post Content XMLRPC WordPress plugin through 1.0 does not sanitise or escape multiple GET/POST parameters before using them in SQL statements in the admin dashboard, leading to an authenticated SQL Injections | Guideline | ★★★ | |
|
2021-11-08 18:15:08 | CVE-2021-24630 (lien direct) | The Schreikasten WordPress plugin through 0.14.18 does not sanitise or escape the id GET parameter before using it in SQL statements in the comments dashboard from various actions, leading to authenticated SQL Injections which can be exploited by users as low as author | Guideline | ★★★ | |
|
2021-11-08 18:15:08 | CVE-2021-24631 (lien direct) | The Unlimited PopUps WordPress plugin through 4.5.3 does not sanitise or escape the did GET parameter before using it in a SQL statement, available to users as low as editor, leading to an authenticated SQL Injection | Guideline | ||
|
2021-11-08 18:15:08 | CVE-2021-24627 (lien direct) | The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection | Guideline | ★★★★ | |
|
2021-11-08 17:15:07 | CVE-2021-29735 (lien direct) | IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Vulnerability Guideline | ||
|
2021-11-08 17:15:07 | CVE-2020-4153 (lien direct) | IBM QRadar Network Security 5.4.0 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174269. | Vulnerability Guideline | ||
|
2021-11-08 04:15:08 | CVE-2021-42075 (lien direct) | An issue was discovered in Barrier before 2.3.4. The barriers component (aka the server-side implementation of Barrier) does not correctly close file descriptors for established TCP connections. An unauthenticated remote attacker can thus cause file descriptor exhaustion in the server process, leading to denial of service. | Guideline | ||
|
2021-11-08 04:15:08 | CVE-2021-34685 (lien direct) | UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed (and leads to remote code execution). | Guideline | ||
|
2021-11-08 04:15:08 | CVE-2021-42072 (lien direct) | An issue was discovered in Barrier before 2.4.0. The barriers component (aka the server-side implementation of Barrier) does not sufficiently verify the identify of connecting clients. Clients can thus exploit weaknesses in the provided protocol to cause denial-of-service or stage further attacks that could lead to information leaks or integrity corruption. | Guideline | ★★★ | |
|
2021-11-07 18:15:07 | CVE-2021-43412 (lien direct) | An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access. | Guideline | ||
|
2021-11-07 16:15:07 | CVE-2021-37471 (lien direct) | A restricted shell escape sequence is possible on Cradlepoint IBR900-600 7.2.60 devices that can lead to an attacker denying the availability of all console or SSH command-line access. | Guideline | ||
|
2021-11-05 16:15:07 | CVE-2021-42543 (lien direct) | The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown. | Guideline | ||
|
2021-11-05 13:15:08 | CVE-2021-42664 (lien direct) | A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more. | Vulnerability Guideline | ||
|
2021-11-05 11:15:08 | CVE-2021-42662 (lien direct) | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more. | Vulnerability Guideline | ||
|
2021-11-05 03:15:11 | CVE-2021-25506 (lien direct) | Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service. | Guideline | ||
|
2021-11-05 00:15:10 | CVE-2021-39895 (lien direct) | In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to information disclosure if the project is imported from an untrusted source. | Guideline | ||
|
2021-11-03 20:15:08 | CVE-2021-22960 (lien direct) | The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. | Guideline | ||
|
2021-11-03 20:15:08 | CVE-2021-33800 (lien direct) | In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal. | Guideline | ||
|
2021-11-03 18:15:08 | CVE-2021-23820 (lien direct) | This affects all versions of package json-pointer. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays. | Vulnerability Guideline | ||
|
2021-11-03 18:15:08 | CVE-2021-23509 (lien direct) | This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays. | Vulnerability Guideline | ||
|
2021-11-03 18:15:08 | CVE-2021-23472 (lien direct) | This affects all versions of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array (instead of a string) even if the escape attribute is set. | Vulnerability Guideline | ||
|
2021-11-03 18:15:08 | CVE-2021-23807 (lien direct) | This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays. | Vulnerability Guideline | ||
|
2021-11-03 18:15:08 | CVE-2021-23784 (lien direct) | This affects the package tempura before 0.4.0. If the input to the esc function is of type object (i.e an array) it is returned without being escaped/sanitized, leading to a potential Cross-Site Scripting vulnerability. | Guideline | ||
|
2021-11-03 18:15:08 | CVE-2021-23624 (lien direct) | This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays. | Vulnerability Guideline | ||
|
2021-11-03 11:15:08 | CVE-2021-40848 (lien direct) | In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection. | Guideline | ||
|
2021-11-03 01:15:07 | CVE-2021-38498 (lien direct) | During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. | Vulnerability Guideline | ||
|
2021-11-03 01:15:07 | CVE-2021-38497 (lien direct) | Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. | Vulnerability Guideline | ||
|
2021-11-02 22:15:09 | CVE-2021-43266 (lien direct) | In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. | Guideline | ||
|
2021-11-02 18:15:08 | CVE-2021-41019 (lien direct) | An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials. | Vulnerability Guideline | ||
|
2021-11-02 16:15:07 | CVE-2021-29738 (lien direct) | IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7 ) is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 201302. | Guideline | ||
|
2021-11-02 16:15:07 | CVE-2021-29771 (lien direct) | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Vulnerability Guideline | ||
|
2021-11-02 13:15:07 | CVE-2021-36923 (lien direct) | RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB device privileged IN and OUT instructions (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device. | Guideline | ||
|
2021-11-02 13:15:07 | CVE-2021-36924 (lien direct) | RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve a pool overflow (leading to Escalation of Privileges, Denial of Service, and Code Execution) via a crafted Device IO Control packet to a device. | Guideline | ||
|
2021-11-02 13:15:07 | CVE-2021-36925 (lien direct) | RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve an arbitrary read or write operation from/to physical memory (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device. | Guideline | ||
|
2021-11-02 10:15:07 | CVE-2021-36560 (lien direct) | Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the admin. | Guideline | ||
|
2021-11-02 07:15:07 | CVE-2021-33593 (lien direct) | Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing. | Guideline | ||
|
2021-11-01 22:15:08 | CVE-2021-43058 (lien direct) | An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead to spoofing. To exploit this vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, redirecting the user to an untrusted site. | Vulnerability Guideline | ||
|
2021-11-01 14:15:07 | CVE-2021-29212 (lien direct) | A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code leading complete impact to confidentiality, integrity, and availability of the iLO Amplifier Pack appliance. | Vulnerability Guideline | ||
|
2021-11-01 13:15:07 | CVE-2021-22563 (lien direct) | Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector when rendering splines. The OOB read access can either lead to a segfault, or rendering splines based on other process memory. It is recommended to upgrade past 0.6.0 or patch with https://github.com/libjxl/libjxl/pull/757 | Guideline | ||
|
2021-11-01 09:15:09 | CVE-2021-24808 (lien direct) | The BP Better Messages WordPress plugin before 1.9.9.41 sanitise (with sanitize_text_field) but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue | Guideline | ||
|
2021-11-01 09:15:08 | CVE-2020-36503 (lien direct) | The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue | Guideline | ||
|
2021-11-01 09:15:08 | CVE-2021-24539 (lien direct) | The Coming Soon, Under Construction & Maintenance Mode By Dazzler WordPress plugin before 1.6.7 does not sanitise or escape its description setting when outputting it in the frontend when the Coming Soon mode is enabled, even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue | Guideline | ||
|
2021-11-01 09:15:08 | CVE-2021-24570 (lien direct) | The Accept Donations with PayPal WordPress plugin before 1.3.1 offers a function to create donation buttons, which internally are posts. The process to create a new button is lacking a CSRF check. An attacker could use this to make an authenticated admin create a new button. Furthermore, one of the Button field is not escaped before being output in an attribute when editing a Button, leading to a Stored Cross-Site Scripting issue as well. | Guideline | ||
|
2021-11-01 09:15:08 | CVE-2015-20019 (lien direct) | The Content text slider on post WordPress plugin before 6.9 does not sanitise and escape the Title and Message/Content settings, which could lead to Cross-Site Scripting issues | Guideline | ★★★ |
To see everything:
Our RSS (filtrered)
