» 2021 » 6월

Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files,

Source: CVE-2021-28977

CVE-2021-31585

Posted on 2021년 6월 23일2021년 6월 24일 by admin

CVE-2021-31585

Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access.

Source: CVE-2021-31585

CVE-2021-21999

Posted on 2021년 6월 23일2021년 6월 24일 by admin

CVE-2021-21999

VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf’ in an unrestricted directory which would allow code to be executed with elevated privileges.

Source: CVE-2021-21999

CVE-2021-31586

Posted on 2021년 6월 23일2021년 6월 24일 by admin

CVE-2021-31586

Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search.

Source: CVE-2021-31586

CVE-2021-21998

Posted on 2021년 6월 23일2021년 6월 24일 by admin

CVE-2021-21998

VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate.

Source: CVE-2021-21998