» 2021 » 9월

CVE-2021-37422

Posted on 2021년 9월 11일2021년 9월 11일 by admin

CVE-2021-37422

Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.

Source: CVE-2021-37422

CVE-2021-37423

Posted on 2021년 9월 11일2021년 9월 11일 by admin

CVE-2021-37423

Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.

Source: CVE-2021-37423

CVE-2021-37418

Posted on 2021년 9월 11일2021년 9월 11일 by admin

CVE-2021-37418

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-31874. Reason: This candidate is a reservation duplicate of CVE-2021-31874. Notes: All CVE users should reference CVE-2021-31874 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Source: CVE-2021-37418

CVE-2021-37414

Posted on 2021년 9월 11일2021년 9월 11일 by admin

CVE-2021-37414

Zoho ManageEngine DesktopCentral version 10.1.2119.7 and prior allows anyone to get a valid user’s APIKEY without authentication.

Source: CVE-2021-37414

CVE-2021-40373

Posted on 2021년 9월 10일2021년 9월 11일 by admin

CVE-2021-40373

playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.

Source: CVE-2021-40373

CVE-2021-38360

Posted on 2021년 9월 10일2021년 9월 11일 by admin

CVE-2021-38360

The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0.

Source: CVE-2021-38360

CVE-2021-38359

Posted on 2021년 9월 10일2021년 9월 11일 by admin

CVE-2021-38359

The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the message parameter found in the ~/admin/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.1.

Source: CVE-2021-38359

CVE-2021-38358

Posted on 2021년 9월 10일2021년 9월 11일 by admin

CVE-2021-38358

The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the ~/views/button-generator.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.4.1.

Source: CVE-2021-38358

CVE-2021-38357

Posted on 2021년 9월 10일2021년 9월 11일 by admin

CVE-2021-38357

The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the position parameter found in the ~/sms-ovh-sent.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1.

Source: CVE-2021-38357

CVE-2021-38347

Posted on 2021년 9월 10일2021년 9월 11일 by admin

CVE-2021-38347

The Custom Website Data WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the ~/views/edit.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2.

Source: CVE-2021-38347