понеделник, 9 август 2021 г.

Weekly Update: a new vulnerability is published on the National Vulnerability Database (51 items)

New vulnerabilities from the NVD: CVE-2020-26763

The Rocket.Chat desktop application 2.17.11 opens external links without user interaction.
Published at: July 05, 2021 at 06:15PM
View on website

July 05, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-23697

Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the page feature in admin/index.php.
Published at: July 07, 2021 at 12:15AM
View on website

July 07, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-22251

Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin.
Published at: July 06, 2021 at 11:15PM
View on website

July 07, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-22249

Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the remote code execution
Published at: July 06, 2021 at 11:15PM
View on website

July 07, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-20776

Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR allows an attacker to bypass access restriction and execute an arbitrary command via telnet.
Published at: July 07, 2021 at 11:15AM
View on website

July 07, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-20739

WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allows an unauthenticated network-adjacent attacker to execute an arbitrary OS command via unspecified vectors.
Published at: July 07, 2021 at 11:15AM
View on website

July 07, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-20738

WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions allow an unauthenticated network-adjacent attacker to obtain sensitive information via unspecified vectors.
Published at: July 07, 2021 at 11:15AM
View on website

July 07, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25925

Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.
Published at: July 07, 2021 at 05:15PM
View on website

July 07, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25868

Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauthenticated remote attacker can trigger a software abort (temporary loss of service).
Published at: July 07, 2021 at 05:15PM
View on website

July 07, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-24149

Server-side request forgery (SSRF) in the Podcast Importer SecondLine (podcast-importer-secondline) plugin 1.1.4 for WordPress via the podcast_feed parameter in a secondline_import_initialize action to the secondlinepodcastimport page.
Published at: July 07, 2021 at 05:15PM
View on website

July 07, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-24148

Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action.
Published at: July 07, 2021 at 05:15PM
View on website

July 07, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-24147

Server-side request forgery (SSR) vulnerability in the WP Smart Import (wp-smart-import) plugin 1.0.0 for WordPress via the file field.
Published at: July 07, 2021 at 05:15PM
View on website

July 07, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-24146

Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service via the fileName parameter in a deletescreenshot action.
Published at: July 07, 2021 at 05:15PM
View on website

July 07, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-24145

Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot action.
Published at: July 07, 2021 at 05:15PM
View on website

July 07, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-24144

Directory traversal in the Media File Organizer (aka media-file-organizer) plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder via the items[] parameter in a move operation.
Published at: July 07, 2021 at 05:15PM
View on website

July 07, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-24143

Directory traversal in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter.
Published at: July 07, 2021 at 05:15PM
View on website

July 07, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-24142

Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports, local network hosts and execute command on services
Published at: July 07, 2021 at 05:15PM
View on website

July 07, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-24141

Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the file_remote parameter to download-add.php. It can help identify open ports, local network hosts and execute command on services
Published at: July 07, 2021 at 05:15PM
View on website

July 07, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-24038

myFax version 229 logs sensitive information in the export log module which allows any user to access critical information.
Published at: July 07, 2021 at 05:15PM
View on website

July 07, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20225

Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
Published at: July 07, 2021 at 05:15PM
View on website

July 07, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20216

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
Published at: July 07, 2021 at 05:15PM
View on website

July 07, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20215

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
Published at: July 07, 2021 at 05:15PM
View on website

July 07, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20213

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
Published at: July 07, 2021 at 05:15PM
View on website

July 07, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20212

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
Published at: July 07, 2021 at 05:15PM
View on website

July 07, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20211

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
Published at: July 07, 2021 at 05:15PM
View on website

July 07, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-23702

Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via 'New Shout' in /infusions/shoutbox_panel/shoutbox_admin.php.
Published at: July 07, 2021 at 10:15PM
View on website

July 07, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-23700

Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature.
Published at: July 07, 2021 at 10:15PM
View on website

July 07, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2008-1879

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: July 08, 2021 at 12:15AM
View on website

July 08, 2021 at 01:38AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2007-5002

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: July 08, 2021 at 12:15AM
View on website

July 08, 2021 at 01:38AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-28598

An out-of-bounds write vulnerability exists in the Admesh stl_fix_normal_directions() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted AMF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
Published at: July 08, 2021 at 03:15PM
View on website

July 08, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20217

Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
Published at: July 08, 2021 at 03:15PM
View on website

July 08, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20586

A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password.
Published at: July 08, 2021 at 07:15PM
View on website

July 08, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20585

A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 beta allows attackers to access sensitive database information.
Published at: July 08, 2021 at 07:15PM
View on website

July 08, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20584

A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter post to /public/console/profile/info-submit/.
Published at: July 08, 2021 at 07:15PM
View on website

July 08, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20583

A SQL injection vulnerability in /question.php of LJCMS Version v4.3.R60321 allows attackers to obtain sensitive database information.
Published at: July 08, 2021 at 07:15PM
View on website

July 08, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20582

A server side request forgery (SSRF) vulnerability in /ApiAdminDomainSettings.php of MipCMS 5.0.1 allows attackers to access sensitive information.
Published at: July 08, 2021 at 07:15PM
View on website

July 08, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18741

Improper Authorization in ThinkSAAS v2.7 allows remote attackers to modify the description of any user's photo via the "photoid%5B%5D" and "photodesc%5B%5D" parameters in the component "index.php?app=photo."
Published at: July 08, 2021 at 08:15PM
View on website

July 08, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-23580

Remote Code Execution vulnerability in PbootCMS 2.0.8 in the message board.
Published at: July 08, 2021 at 10:15PM
View on website

July 08, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20363

Crossi Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.php.
Published at: July 08, 2021 at 09:15PM
View on website

July 08, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-2666

golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.
Published at: July 09, 2021 at 02:15PM
View on website

July 09, 2021 at 03:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-1102

It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.
Published at: July 09, 2021 at 02:15PM
View on website

July 09, 2021 at 03:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-6688

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: July 09, 2021 at 03:15PM
View on website

July 09, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-5632

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: July 09, 2021 at 03:15PM
View on website

July 09, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-4509

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: July 09, 2021 at 03:15PM
View on website

July 09, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-2689

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: July 09, 2021 at 03:15PM
View on website

July 09, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-2659

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: July 09, 2021 at 04:15PM
View on website

July 09, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-1609

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: July 09, 2021 at 04:15PM
View on website

July 09, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-0832

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: July 09, 2021 at 04:15PM
View on website

July 09, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-0816

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Published at: July 09, 2021 at 04:15PM
View on website

July 09, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-22535

Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list parameter in the update function in upgradecontroller.php.
Published at: July 09, 2021 at 07:15PM
View on website

July 09, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21333

Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an admin cookie when the Administrator reviews submit case.
Published at: July 09, 2021 at 08:15PM
View on website

July 09, 2021 at 09:36PM

via National Vulnerability Database



Няма коментари:

Публикуване на коментар

Етикети

имена (151) Ски (140) уеб камери (128) Право (121) документи (111) Grand Tour (102) video (100) Ski (97) webcams (93) skiing weather (83) ski resort information (82) банки (66) ски курорти (60) Маркетинг (45) Рила (40) snow reports (37) икономика (35) София (34) Боровец (33) Borovets (27) Родопи (27) история (27) Банско (26) Пампорово (23) проекти (23) здраве (21) интернет (21) планини (21) смях (21) екипировка (20) карта (20) Pamporovo (19) Rila (19) Time (19) health (19) море (19) Bansko (17) лифт (17) resort information (16) eco (15) раница (15) цени (15) язовир (15) Стара Планина (14) връзки (14) деца (14) пътувания (14) хижа (14) Marketing (13) bike (13) Витоша (13) Пирин (13) snow forecast (12) буква С (12) данъци (12) лавини (12) магазини (12) Алеко (11) буква В (11) буква М (11) freeskiing (10) Маршрути (10) буква А (10) ski abroad (9) Пловдив (9) буква Д (9) отбрана (9) празник (9) първа помощ (9) ски чужбина (9) термини (9) map ski area (8) буква Б (8) буква К (8) календар (8) old applications (7) Чепеларе (7) архитектура (7) буква Г (7) буква Н (7) поддръжка на ски (7) сняг (7) футбол (7) буква Е (6) буква Л (6) буква П (6) буква Т (6) видео (6) годишнини (6) град (6) именни дни (6) къщи (6) трафик (6) хидро (6) Rodopy (5) Skype (5) Sofia (5) YouTube (5) vlog (5) буква И (5) буква Х (5) влог (5) кино (5) литература (5) очила (5) село (5) снимка (5) спорт (5) EU projects (4) Ski Bindings (4) boots (4) gsm (4) smart phone (4) Нотариус (4) буква З (4) буква Ф (4) енергетика (4) ски учител (4) слама (4) състезание (4) туризъм (4) упражнения (4) Aleko (3) Maliovitsa (3) Physics (3) Tyrolia (3) brand (3) climb (3) mass (3) sexy (3) shoe size (3) Безбог (3) Мальовица (3) Узана (3) автомобил (3) безопастност (3) буква Ц (3) буква Ш (3) влак (3) времето в момента (3) докторантури (3) недвижими имоти (3) поща (3) пропаганда (3) пълномощно (3) статистика (3) строителство (3) теснолинейка (3) DIN (2) NASA (2) Release Setting (2) Rossignol (2) Vitosha (2) clothes sizes (2) file hosting (2) franchaise (2) relativity (2) replace (2) search (2) БАССЕС (2) Благоевград (2) Добринище (2) Здравец (2) Лале (2) Мусала (2) Осогово (2) Средна гора (2) бедствие (2) буква Ж (2) буква Й (2) буква О (2) буква У (2) буква Ч (2) буква Щ (2) буква Я (2) геометрия (2) гора (2) еко (2) екология (2) електроенергия (2) космос (2) магистрала (2) местност (2) очи (2) парк (2) плакат (2) планиране (2) световно (2) технологии (2) упътвания (2) явление (2) F1 (1) FIS (1) Fieberbrunn (1) Hamlet (1) Hopfgarten (1) Kirchberg (1) Macedonia (1) Norway (1) Reit im Winkl (1) Scheffau (1) Shakespeare (1) Solomon (1) St Johann (1) Söll (1) Tirol (1) Walchsee (1) Zahmer Kaiser (1) apple (1) drone (1) h Pleven (1) hypnosis (1) ibooks (1) ipad (1) iphone (1) ipod (1) mathematic (1) skate (1) tablet (1) telemark (1) trekking (1) Бачево (1) Беклемето (1) Бяла Черква (1) ВЕИ (1) Вежен (1) Ветровал (1) Гела (1) Горна Оряховица (1) Добрила (1) Информация за фирми (1) Камчатка (1) Карлово (1) Картала (1) Кицбюел (1) Ком (1) Копривки (1) Копривщица (1) Леденото езеро (1) Мерцедес (1) Михаел Шумахер (1) Норвегия (1) Офелиите (1) Панагюрище (1) Предела (1) Румъния (1) Русия (1) САЩ (1) Самоков (1) Студенец (1) Формула 1 (1) Църна Могила (1) Черни Връх (1) Япония (1) автомати (1) биатлон (1) био (1) буква Р (1) буква Ъ (1) буква Ь (1) буква Ю (1) великия пост (1) гра (1) градоустройство (1) дрехи (1) дърво (1) запалка (1) култура (1) ландшафт (1) математика (1) мода (1) музей (1) мъдрости (1) олимпиада (1) поддръжка (1) потребители (1) програма (1) реклама (1) синя зона (1) фото (1) х. Дерменка (1) храна (1)