» 2021 » 5월

CVE-2021-32632

Posted on 2021년 5월 21일2021년 5월 21일 by admin

CVE-2021-32632

Pajbot is a Twitch chat bot. Pajbot versions prior to 1.52 are vulnerable to cross-site request forgery (CSRF). Hosters of the bot should upgrade to `v1.52` or `stable` to install the patch or, as a workaround, can add one modern dependency.

Source: CVE-2021-32632

CVE-2020-21057

Posted on 2021년 5월 21일2021년 5월 21일 by admin

CVE-2020-21057

Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php.

Source: CVE-2020-21057

CVE-2020-21055

Posted on 2021년 5월 21일2021년 5월 21일 by admin

CVE-2020-21055

A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the (1) folder, (2) filename, and (3) newfilename variables in appeditfilerename.php.

Source: CVE-2020-21055

CVE-2020-21054

Posted on 2021년 5월 21일2021년 5월 21일 by admin

CVE-2020-21054

Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in appvarsvars_textarea.php.

Source: CVE-2020-21054

CVE-2021-27432

Posted on 2021년 5월 21일2021년 5월 21일 by admin

CVE-2021-27432

OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.

Source: CVE-2021-27432

CVE-2020-35580

Posted on 2021년 5월 21일2021년 5월 21일 by admin

CVE-2020-35580

A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin’s API key and the base64 encoded SHA1 password hashes of other SearchBlox users.

Source: CVE-2020-35580

CVE-2020-21056

Posted on 2021년 5월 21일2021년 5월 21일 by admin

CVE-2020-21056

Directory Traversal vulnerability exists in FusionPBX 4.5.7, which allows a remote malicious user to create folders via the folder variale to appeditfoldernew.php.

Source: CVE-2020-21056

CVE-2020-21053

Posted on 2021년 5월 21일2021년 5월 21일 by admin

CVE-2020-21053

Cross Site Scriptiong (XSS) vulnerability exists in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "query_string" variable in appdevicesdevice_imports.php.

Source: CVE-2020-21053

CVE-2021-29687

Posted on 2021년 5월 21일2021년 5월 21일 by admin

CVE-2021-29687

IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 200018

Source: CVE-2021-29687

CVE-2021-29686

Posted on 2021년 5월 21일2021년 5월 21일 by admin

CVE-2021-29686

IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have access to. IBM X-Force ID: 200015

Source: CVE-2021-29686