» 2021 » 3월

CVE-2021-27890

Posted on 2021년 3월 16일2021년 3월 16일 by admin

CVE-2021-27890

SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files.

Source: CVE-2021-27890

CVE-2021-27947

Posted on 2021년 3월 16일2021년 3월 16일 by admin

CVE-2021-27947

SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3).

Source: CVE-2021-27947

CVE-2021-22191

Posted on 2021년 3월 16일2021년 3월 16일 by admin

CVE-2021-22191

Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file.

Source: CVE-2021-22191

CVE-2020-29556

Posted on 2021년 3월 16일2021년 3월 16일 by admin

CVE-2020-29556

The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)

Source: CVE-2020-29556

CVE-2020-29555

Posted on 2021년 3월 16일2021년 3월 16일 by admin

CVE-2020-29555

The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)

Source: CVE-2020-29555

CVE-2021-20286

Posted on 2021년 3월 16일2021년 3월 16일 by admin

CVE-2021-20286

A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service.

Source: CVE-2021-20286

CVE-2020-28149

Posted on 2021년 3월 16일2021년 3월 16일 by admin

CVE-2020-28149

myDBR 5.8.3/4262 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). The component is: CSRF Token. The attack vector is: CSRF token injection to XSS.

Source: CVE-2020-28149

CVE-2020-24982

Posted on 2021년 3월 16일2021년 3월 16일 by admin

CVE-2020-24982

An issue was discovered in Quadbase ExpressDashboard (EDAB) 7 Update 9. It allows CSRF. An attacker may be able to trick an authenticated user into changing the email address associated with their account.

Source: CVE-2020-24982

CVE-2020-24985

Posted on 2021년 3월 16일2021년 3월 16일 by admin

CVE-2020-24985

An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or payloads.

Source: CVE-2020-24985

CVE-2021-27380

Posted on 2021년 3월 16일2021년 3월 16일 by admin

CVE-2021-27380

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3), Solid Edge SE2021 (SE2021MP3). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12532)

Source: CVE-2021-27380