CVE-2021-30459
A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.
Source: CVE-2021-30459
CVE-2021-26031
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI.
Source: CVE-2021-26031
CVE-2021-26030
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error page
Source: CVE-2021-26030
CVE-2021-28484
An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). The handler did not validate the length of the request, which can lead to a state where yubihsm-connector becomes stuck in a loop waiting for the YubiHSM to send it data, preventing any further operations until the yubihsm-connector is restarted. An attacker can send 0, 1, or 2 bytes to trigger this.
Source: CVE-2021-28484
CVE-2021-29654
AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the import database feature of the administration panel), leading to Remote Code execution.
Source: CVE-2021-29654
CVE-2021-27710
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc’s system function with untrusted input. In the function, "ip" parameter is directly passed to the attacker, allowing them to control the "ip" field to attack the OS.
Source: CVE-2021-27710
CVE-2021-3017
The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.
Source: CVE-2021-3017
CVE-2020-28124
Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field.
Source: CVE-2020-28124
CVE-2020-35660
Cross Site Scripting (XSS) in Monica before 2.19.1 via the journal page.
Source: CVE-2020-35660
CVE-2021-28826
The Windows Installation component of TIBCO Software Inc.’s TIBCO Messaging – Eclipse Mosquitto Distribution – Bridge – Community Edition and TIBCO Messaging – Eclipse Mosquitto Distribution – Bridge – Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.’s TIBCO Messaging – Eclipse Mosquitto Distribution – Bridge – Community Edition: versions 1.3.0 and below and TIBCO Messaging – Eclipse Mosquitto Distribution – Bridge – Enterprise Edition: versions 1.3.0 and below.
Source: CVE-2021-28826