Weekly Digest: New diabetes clinical trial (16 items)

New diabetes clinical trial: Freestyle Libre and Hospital Admissions in Type 2 Diabetes Published on: August 09, 2021 at 07:00PM Condition:   Type 2 Diabetes Interventions:   Device: Freestyle libre;   Other: Nurse led structured intervention - hypoglycaemia education and diabetes treatment modification modification Sponsors:   University of Leeds;   Abbott Diabetes Care Not yet recruiting https://clinicaltrials.gov/ct2/show/NCT04997512?term=diabetes&sfpd_d=14 August 09, 2021 at 05:22PM via ClinicalTrials.gov New diabetes clinical trial: Impact of Obesity, Chronic Kidney Disease and Type 2 Diabetes on Human Urinary Stem Cells Published on: August 10, 2021 at 07:00PM Conditions:   Chronic Kidney Diseases;   Obesity;   Stem Cells;   Diabetes type2 Intervention:   Biological: urine collection Sponsor:   Hospices Civils de Lyon Not yet recruiting https://clinicaltrials.gov/ct2/show/NCT04998461?term=diabetes&sfpd_d=14 August 10, 2021 at 05:23PM via ClinicalTrials.gov New diabetes clinical trial: The Effectiveness of Using a Mobile Application for Type 2 Diabetes Self-care Published on: August 10, 2021 at 07:00PM Conditions:   Type 2 Diabetes;   Diabetes Mellitus, Type 2;   Disease, Chronic;   Self-Care;   Health Behavior;   Mobile Apps;   Mobile Phone Use Intervention:   Other: Mobile app forDiabetes (Tessera Multimedia, 2020) Sponsor:   University Maribor Not yet recruiting https://clinicaltrials.gov/ct2/show/NCT04999189?term=diabetes&sfpd_d=14 August 10, 2021 at 05:23PM via ClinicalTrials.gov New diabetes clinical trial: A Study of Efficacy and Safety of Supaglutide in Type 2 Diabetes Patients On Metformin Treatmentmet Published on: August 10, 2021 at 07:00PM Condition:   Type2 Diabetes Interventions:   Biological: supaglutide injection+metformin;   Other: placebo+metformin Sponsor:   Shanghai Yinnuo Pharmaceutical Technology Co., Ltd. Not yet recruiting https://clinicaltrials.gov/ct2/show/NCT04998032?term=diabetes&sfpd_d=14 August 10, 2021 at 05:23PM via ClinicalTrials.gov New diabetes clinical trial: Characteristics of NAFLD Among Type 2 Diabetes Patients Published on: August 10, 2021 at 07:00PM Conditions:   Non-Alcoholic Fatty Liver Disease;   Type2 Diabetes Intervention:   Other: Screening and studying characteristics Sponsors:   Hasselt University;   Ziekenhuis Oost-Limburg Recruiting https://clinicaltrials.gov/ct2/show/NCT04999124?term=diabetes&sfpd_d=14 August 10, 2021 at 05:23PM via ClinicalTrials.gov New diabetes clinical trial: Establishment and Preliminary Evaluation of Digital Three Level Linkage Whole Process Diabetes Management System Published on: August 11, 2021 at 07:00PM Condition:   Diabetes Mellitus Interventions:   Behavioral: Traditional mode of management;   Behavioral: Mobile APP management Sponsor:   Chongqing Renji Hospital, University of Chinese Academy of Sciences Not yet recruiting https://clinicaltrials.gov/ct2/show/NCT04999722?term=diabetes&sfpd_d=14 August 11, 2021 at 05:22PM via ClinicalTrials.gov New diabetes clinical trial: Zinc Supplementation Improves Cardiovascular Morbidity in Patients With Diabetes Mellitus Published on: August 11, 2021 at 07:00PM Conditions:   Diabetes Mellitus, Type 2;   Cardiovascular Diseases Intervention:   Dietary Supplement: Zinc Sponsors:   Wayne State University;   QPathology Recruiting https://clinicaltrials.gov/ct2/show/NCT05000762?term=diabetes&sfpd_d=14 August 11, 2021 at 05:22PM via ClinicalTrials.gov New diabetes clinical trial: Integrating Abbott Point-of-Care Technologies and the Community Scientist Model to Support HbA1c Testing Per ADA Published on: August 11, 2021 at 07:00PM Conditions:   Diabetes Mellitus, Type 2;   Cardiovascular Diseases Intervention:   Behavioral: Enrollment in existing SDRI diabetes education programs Sponsors:   Sansum Diabetes Research Institute;   Abbott Not yet recruiting https://clinicaltrials.gov/ct2/show/NCT05000840?term=diabetes&sfpd_d=14 August 11, 2021 at 05:22PM via ClinicalTrials.gov New diabetes clinical trial: Telemedicine-Delivered Cognitive Behavioral Therapy to Reduce Diabetes Distress Published on: August 11, 2021 at 07:00PM Condition:   Type 1 Diabetes Intervention:   Behavioral: Telemedicine-Delivered Cognitive Behavioral Therapy Sponsors:   Albert Einstein College of Medicine;   Juvenile Diabetes Research Foundation;   DexCom, Inc. Not yet recruiting https://clinicaltrials.gov/ct2/show/NCT05000021?term=diabetes&sfpd_d=14 August 11, 2021 at 05:22PM via ClinicalTrials.gov New diabetes clinical trial: A Clinical Efficacy and Safety Study of Insulin Glargine U300 in Chinese Adult Patients With Uncontrolled Type 2 Diabetes Mellitus With a 3-month Extension Period Published on: August 12, 2021 at 07:00PM Condition:   Type 2 Diabetes Mellitus Intervention:   Drug: Insulin glargine 300 U/ml Sponsor:   Sanofi Recruiting https://clinicaltrials.gov/ct2/show/NCT05002933?term=diabetes&sfpd_d=14 August 12, 2021 at 04:22PM via ClinicalTrials.gov New diabetes clinical trial: Digitalized Management Exploration for Gestational Diabetes Mellitus in China Published on: August 12, 2021 at 07:00PM Condition:   Gestational Diabetes Mellitus in Pregnancy Intervention:   Other: Digitalized management Sponsors:   Women's Hospital School Of Medicine Zhejiang University;   Hangzhou Jianhai Technology Company Limited;   Quzhou Maternal and Child Health Care Hospital Not yet recruiting https://clinicaltrials.gov/ct2/show/NCT05003154?term=diabetes&sfpd_d=14 August 12, 2021 at 04:22PM via ClinicalTrials.gov New diabetes clinical trial: CSII Versus MDI in Pregnant Women With Type 2 Diabetes Published on: August 12, 2021 at 07:00PM Conditions:   Type 2 Diabetes;   Pregnancy in Diabetic Interventions:   Device: Continuous subcutaneous insulin infusion (CSII);   Device: Multiple daily insulin injection (MDI) Sponsor:   Peking University Third Hospital Not yet recruiting https://clinicaltrials.gov/ct2/show/NCT05001815?term=diabetes&sfpd_d=14 August 12, 2021 at 04:22PM via ClinicalTrials.gov New diabetes clinical trial: Exercise Intervention Combined With Metformin in the Treatment of Type 2 Diabetes Published on: August 13, 2021 at 07:00PM Condition:   Type 2 Diabetes Intervention:   Other: Exercise training Sponsor:   Prince Sattam Bin Abdulaziz University Completed https://clinicaltrials.gov/ct2/show/NCT05004948?term=diabetes&sfpd_d=14 August 13, 2021 at 03:22PM via ClinicalTrials.gov New diabetes clinical trial: The Effects of Glucose Control and Weight Loss Between Beinaglutide and Dulaglutide in Type 2 Diabetes With Overweight or Obesity. Published on: August 13, 2021 at 07:00PM Conditions:   Diabetes Mellitus, Type 2;   Overweight or Obesity Interventions:   Drug: Beinaglutide;   Drug: Dulaglutide Sponsors:   Second Xiangya Hospital of Central South University;   Guangdong Provincial People's Hospital;   First Affiliated Hospital of Harbin Medical University;   The First Affiliated Hospital of Henan University of Science and Technology Recruiting https://clinicaltrials.gov/ct2/show/NCT05005741?term=diabetes&sfpd_d=14 August 13, 2021 at 03:22PM via ClinicalTrials.gov New diabetes clinical trial: Safety of Cultured Allogeneic Adult Umbilical Cord Derived Mesenchymal Stem Cell Intravenous Infusion for Diabetes Published on: August 13, 2021 at 07:00PM Condition:   Diabetes Intervention:   Biological: AlloRx Sponsor:   The Foundation for Orthopaedics and Regenerative Medicine Recruiting https://clinicaltrials.gov/ct2/show/NCT05003908?term=diabetes&sfpd_d=14 August 13, 2021 at 03:22PM via ClinicalTrials.gov New diabetes clinical trial: A Study to Learn More About Chronic Kidney Disease (CKD) in Patients With Type 2 Diabetes Mellitus (T2DM) Published on: August 13, 2021 at 07:00PM Conditions:   Type 2 Diabetes Mellitus;   Chronic Kidney Disease Intervention:   Other: No intervention Sponsor:   Bayer Not yet recruiting https://clinicaltrials.gov/ct2/show/NCT05004428?term=diabetes&sfpd_d=14 August 13, 2021 at 03:22PM via ClinicalTrials.gov

Weekly Digest: a new vulnerability is published on the National Vulnerability Database (64 items)

New vulnerabilities from the NVD: CVE-2020-36434 An issue was discovered in the sys-info crate before 0.8.0 for Rust. sys_info::disk_info calls can trigger a double free. Published at: August 08, 2021 at 09:15AM View on website August 08, 2021 at 01:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-36433 An issue was discovered in the chunky crate through 2020-08-25 for Rust. The Chunk API does not honor an alignment requirement. Published at: August 08, 2021 at 09:15AM View on website August 08, 2021 at 01:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-36432 An issue was discovered in the alg_ds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new(). Published at: August 08, 2021 at 09:15AM View on website August 08, 2021 at 01:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-17865 ** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Published at: August 09, 2021 at 10:15PM View on website August 09, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-17862 ** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Published at: August 09, 2021 at 10:15PM View on website August 09, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-17861 ** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Published at: August 09, 2021 at 10:15PM View on website August 09, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-7731 SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the keystream and other sensitive information via the DataVault, aka SAP Security Note 2094830. Published at: August 09, 2021 at 10:15PM View on website August 09, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-2074 The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681. Published at: August 09, 2021 at 10:15PM View on website August 09, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-2073 The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682. Published at: August 09, 2021 at 10:15PM View on website August 09, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2014-9320 SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905. Published at: August 09, 2021 at 10:15PM View on website August 09, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-6276 ** UNSUPPORTED WHEN ASSIGNED ** QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models. Published at: August 09, 2021 at 09:15PM View on website August 09, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-4718 Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search. Published at: August 09, 2021 at 10:15PM View on website August 09, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-4717 Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm. Published at: August 09, 2021 at 10:15PM View on website August 09, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-24742 An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. Published at: August 10, 2021 at 01:15AM View on website August 10, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-24741 An issue has been fixed in Qt versions 5.14.1 and 5.12.7 where QLibrary attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. Published at: August 10, 2021 at 01:15AM View on website August 10, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-23151 rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped. Published at: August 10, 2021 at 02:15AM View on website August 10, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-23150 A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php. Published at: August 10, 2021 at 02:15AM View on website August 10, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-23149 The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information. Published at: August 10, 2021 at 02:15AM View on website August 10, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-23148 The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a LDAP injection and obtain sensitive information via a crafted POST request. Published at: August 10, 2021 at 02:15AM View on website August 10, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-28397 A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once. Published at: August 10, 2021 at 02:15PM View on website August 10, 2021 at 03:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-25082 An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy. Published at: August 10, 2021 at 08:15PM View on website August 10, 2021 at 09:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-23172 A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives. Published at: August 10, 2021 at 08:15PM View on website August 10, 2021 at 09:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-23171 A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file. Published at: August 10, 2021 at 08:15PM View on website August 10, 2021 at 09:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21697 A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file. Published at: August 11, 2021 at 12:15AM View on website August 11, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21690 A memory leak in the grow_array function in cmdutils.c og Ffmpeg 4.2 allows attackers to cause a denial of service (DOS) via a crafted ogg file. Published at: August 11, 2021 at 12:15AM View on website August 11, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21688 A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code. Published at: August 11, 2021 at 12:15AM View on website August 11, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21684 A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format. Published at: August 11, 2021 at 12:15AM View on website August 11, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21683 A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format. Published at: August 11, 2021 at 12:15AM View on website August 11, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21682 A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. Published at: August 11, 2021 at 12:15AM View on website August 11, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21681 A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. Published at: August 11, 2021 at 12:15AM View on website August 11, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21680 A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format. Published at: August 11, 2021 at 12:15AM View on website August 11, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21678 A global buffer overflow in the genmp_writefontmacro_latex component in genmp.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into mp format. Published at: August 11, 2021 at 12:15AM View on website August 11, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21677 A heap-based buffer overflow in the sixel_encoder_output_without_macro function in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial of service (DOS) via converting a crafted PNG file into Sixel format. Published at: August 11, 2021 at 12:15AM View on website August 11, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21676 A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format. Published at: August 11, 2021 at 12:15AM View on website August 11, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21675 A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format. Published at: August 11, 2021 at 12:15AM View on website August 11, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21930 A stored cross site scripting (XSS) vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML. Published at: August 11, 2021 at 01:15AM View on website August 11, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21929 A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML. Published at: August 11, 2021 at 01:15AM View on website August 11, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2019-25052 In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information. Published at: August 11, 2021 at 06:15PM View on website August 11, 2021 at 07:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21363 An arbitrary file deletion vulnerability exists within Maccms10. Published at: August 12, 2021 at 12:15AM View on website August 12, 2021 at 01:34AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21362 A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter. Published at: August 12, 2021 at 12:15AM View on website August 12, 2021 at 01:34AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21359 An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name. Published at: August 12, 2021 at 12:15AM View on website August 12, 2021 at 01:34AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2017-16632 In SapphireIMS 4097_1, the password in the database is stored in Base64 format. Published at: August 12, 2021 at 12:15AM View on website August 12, 2021 at 01:34AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2017-16631 In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality. Published at: August 12, 2021 at 12:15AM View on website August 12, 2021 at 01:34AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2017-16630 In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function. Published at: August 12, 2021 at 12:15AM View on website August 12, 2021 at 01:34AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2017-16629 In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The application failed to identify the user. Please contact administrator for help." For "Correct User and Incorrect Password" - it gives an error "Authentication failed. Please login again." Published at: August 12, 2021 at 12:15AM View on website August 12, 2021 at 01:34AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-20981 A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information. Published at: August 12, 2021 at 06:15PM View on website August 12, 2021 at 07:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-20979 An arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code. Published at: August 12, 2021 at 06:15PM View on website August 12, 2021 at 07:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-20977 A stored cross site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section. Published at: August 12, 2021 at 06:15PM View on website August 12, 2021 at 07:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-20975 In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter. Published at: August 12, 2021 at 06:15PM View on website August 12, 2021 at 07:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18446 Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the param parameter in the insertContent function in ContentModel.php. Published at: August 12, 2021 at 08:15PM View on website August 12, 2021 at 09:34PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18445 Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the upurl function in Page.php. Published at: August 12, 2021 at 08:15PM View on website August 12, 2021 at 09:34PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18464 Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in video_list.php, which can let a malicious user delete movie information. Published at: August 12, 2021 at 10:15PM View on website August 12, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18463 Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in video_list.php, which can let a malicious user delete a video message. Published at: August 12, 2021 at 10:15PM View on website August 12, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18462 File Upload vulnerabilty in AikCms v2.0.0 in poster_edit.php because the background file management office does not verify the uploaded file. Published at: August 12, 2021 at 10:15PM View on website August 12, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18460 Cross Site Request Forgery (CSRF) vulnerability exists in 711cms v1.0.7 that can add an admin account via admin.php?c=Admin&m=content. Published at: August 12, 2021 at 10:15PM View on website August 12, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18458 Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd. Published at: August 12, 2021 at 10:15PM View on website August 12, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18457 Cross Site Request Forgery (CSRF) vulnerability exists in bycms v1.3.0 that can add an admin account via admin.php/ucenter/add.html. Published at: August 12, 2021 at 09:15PM View on website August 12, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18456 Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via the title parameter in the mod function in SingleController.php. Published at: August 12, 2021 at 09:15PM View on website August 12, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18455 Cross Site Scripting (XSS) vulnerability exists in bycms v3.0.4 via the title parameter in the edit function in Document.php. Published at: August 12, 2021 at 09:15PM View on website August 12, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18454 Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admin.php/systems/index/module_id/70/group_id/1.html. Published at: August 12, 2021 at 09:15PM View on website August 12, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18451 Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php. Published at: August 12, 2021 at 09:15PM View on website August 12, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18449 Cross Site Scripting (XSS) vulnerability exists in UKCMS v1.1.10 via data in the index function in Single.php Published at: August 12, 2021 at 09:15PM View on website August 12, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18754 An information disclosure vulnerability exists within Dut Computer Control Engineering Co.'s PLC MAC1100. Published at: August 13, 2021 at 08:15PM View on website August 13, 2021 at 09:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18753 An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to gain access to the system and escalate privileges via a crafted packet. Published at: August 13, 2021 at 08:15PM View on website August 13, 2021 at 09:33PM via National Vulnerability Database