CVE-2021-1566

A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected device and the AMP servers. This vulnerability is due to improper certificate validation when an affected device establishes TLS connections. A man-in-the-middle attacker could exploit this vulnerability by sending a crafted TLS packet to an affected device. A successful exploit could allow the attacker to spoof a trusted host and then extract sensitive information or alter certain API requests.

Source: CVE-2021-1566

CVE-2021-1543

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory.

Source: CVE-2021-1543

CVE-2021-1541

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory.

Source: CVE-2021-1541

CVE-2021-1542

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory.

Source: CVE-2021-1542

CVE-2020-22208

SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.php.

Source: CVE-2020-22208

CVE-2020-22209

SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php.

Source: CVE-2020-22209

CVE-2020-22210

SQL Injection in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php.

Source: CVE-2020-22210

CVE-2020-22211

SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php.

Source: CVE-2020-22211

CVE-2020-22212

SQL Injection in 74cms 3.2.0 via the id parameter to wap/wap-company-show.php.

Source: CVE-2020-22212

CVE-2020-22205

SQL Injection in ECShop 3.0 via the id parameter to admin/shophelp.php.

Source: CVE-2020-22205