CVE-2021-26746
Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI
Source: CVE-2021-26746
CVE-2021-27405
A ReDoS (regular expression denial of service) flaw was found in the @progfay/scrapbox-parser package before 6.0.3 for Node.js.
Source: CVE-2021-27405
CVE-2019-25024
OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter.
Source: CVE-2019-25024
CVE-2021-27404
Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header.
Source: CVE-2021-27404
CVE-2021-27403
Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS.
Source: CVE-2021-27403
CVE-2020-19513
Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary code by creating a crafted input that will overwrite the SEH handler.
Source: CVE-2020-19513
CVE-2021-26747
Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution.
Source: CVE-2021-26747
CVE-2021-26712
Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.
Source: CVE-2021-26712
CVE-2020-35591
Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user’s account through the active session.
Source: CVE-2020-35591
CVE-2021-26717
An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash.
Source: CVE-2021-26717