CVE-2020-21363
An arbitrary file deletion vulnerability exists within Maccms10.
Source: CVE-2020-21363
CVE-2020-21363
An arbitrary file deletion vulnerability exists within Maccms10.
Source: CVE-2020-21363
CVE-2020-25560
In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping�, “traceroute� and “snmp� functions and execute code on the server. We also observed the same is true if the JSESSIONID is completely removed.
Source: CVE-2020-25560
CVE-2020-21362
A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the ‘wd’ parameter.
Source: CVE-2020-21362
CVE-2020-21359
An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file’s name.
Source: CVE-2020-21359
CVE-2017-16631
In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality.
Source: CVE-2017-16631
CVE-2017-16629
In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" – it gives an error "The application failed to identify the user. Please contact administrator for help." For "Correct User and Incorrect Password" – it gives an error "Authentication failed. Please login again."
Source: CVE-2017-16629
CVE-2017-16630
In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function.
Source: CVE-2017-16630
CVE-2017-16632
In SapphireIMS 4097_1, the password in the database is stored in Base64 format.
Source: CVE-2017-16632
CVE-2021-32440
The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
Source: CVE-2021-32440
CVE-2021-32439
Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
Source: CVE-2021-32439