Saturday, August 7, 2021

Weekly Update: a new vulnerability is published on the National Vulnerability Database (43 items)

New vulnerabilities from the NVD: CVE-2020-20468

White Shark System (WSS) 1.3.2 is vulnerable to CSRF. Attackers can use the user_edit_password.php file to modify the user password.
Published at: June 21, 2021 at 07:15AM

June 21, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20467

White Shark System (WSS) 1.3.2 is vulnerable to sensitive information disclosure via default_task_add.php; remote attackers can exploit the vulnerability to create a task.
Published at: June 21, 2021 at 07:15AM

June 21, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20466

White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php; remote attackers can modify the password of any user.
Published at: June 21, 2021 at 07:15AM

June 21, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20474

White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the default_task_edituser.php file failing to filter the csa_to_user parameter. Remote attackers can exploit the vulnerability to obtain sensitive database information.
Published at: June 21, 2021 at 08:15AM

June 21, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20473

White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the control_task.php, control_project.php, and default_user.php files failing to filter the sort parameter. Remote attackers can exploit the vulnerability to obtain sensitive database information.
Published at: June 21, 2021 at 08:15AM

June 21, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20472

White Shark System (WSS) 1.3.2 has a sensitive information disclosure vulnerability. The if_get_addbook.php file does not have an authentication operation. Remote attackers can obtain username information for all users of the current site.
Published at: June 21, 2021 at 08:15AM

June 21, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20471

White Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php; remote attackers can exploit this vulnerability to escalate to admin privileges.
Published at: June 21, 2021 at 08:15AM

June 21, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20470

White Shark System (WSS) 1.3.2 has a web site physical path leakage vulnerability.
Published at: June 21, 2021 at 08:15AM

June 21, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20469

White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the log_edit.php file failing to filter the csa_to_user parameter; remote attackers can exploit the vulnerability to obtain sensitive database information.
Published at: June 21, 2021 at 08:15AM

June 21, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-7002

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: June 21, 2021 at 04:15PM

June 21, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21517

Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php.
Published at: June 21, 2021 at 06:15PM

June 21, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25047

Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) before 5.0.10 allow XSS during 404 URL handling in gsad.
Published at: June 21, 2021 at 06:15PM

June 21, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-25016

Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host Header Injection.
Published at: June 21, 2021 at 06:15PM

June 21, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2007-1857

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: June 21, 2021 at 05:15PM

June 21, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2006-1053

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: June 21, 2021 at 05:15PM

June 21, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2006-0849

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: June 21, 2021 at 05:15PM

June 21, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2006-0740

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: June 21, 2021 at 05:15PM

June 21, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2006-0017

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: June 21, 2021 at 05:15PM

June 21, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2006-0016

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: June 21, 2021 at 05:15PM

June 21, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21130

Cross Site Scripting (XSS) vulnerability in HisiPHP 2.0.8 via the group name in addgroup.html.
Published at: June 21, 2021 at 07:15PM

June 21, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19511

Cross Site Scripting vulnerability in Typesetter 5.1 via the (1) className and (2) Description fields in index.php/Admin/Classes.
Published at: June 21, 2021 at 10:15PM

June 21, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19510

Textpattern 4.7.3 contains an arbitrary file load via the file_insert function in include/txp_file.php.
Published at: June 21, 2021 at 10:15PM

June 21, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-1435

Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.
Published at: June 22, 2021 at 02:15AM

June 22, 2021 at 03:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-1434

Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hijack an arbitrary session and gain access to sensitive information, which may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.
Published at: June 22, 2021 at 02:15AM

June 22, 2021 at 03:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-1433

Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.
Published at: June 22, 2021 at 02:15AM

June 22, 2021 at 03:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-1432

Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.
Published at: June 22, 2021 at 02:15AM

June 22, 2021 at 03:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-0413

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: June 22, 2021 at 02:15AM

June 22, 2021 at 03:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-2486

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: June 22, 2021 at 02:15PM

June 22, 2021 at 03:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-2485

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: June 22, 2021 at 02:15PM

June 22, 2021 at 03:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-2475

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: June 22, 2021 at 02:15PM

June 22, 2021 at 03:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-3446

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Published at: June 22, 2021 at 03:15PM

June 22, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-3300

It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.
Published at: June 22, 2021 at 03:15PM

June 22, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-2804

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: June 22, 2021 at 03:15PM

June 22, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-2525

A flaw was discovered in the gfs2 file system’s handling of ACLs (access control lists). An unprivileged local attacker could exploit this flaw to gain access or execute any file stored in the gfs2 file system.
Published at: June 22, 2021 at 03:15PM

June 22, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-15732

Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29.
Published at: June 22, 2021 at 06:15PM

June 22, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-4816

It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service.
Published at: June 22, 2021 at 05:15PM

June 22, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-4266

A potential linkbait vulnerability was found in the dispatcher of Vanilla Forums before 2.0.10.
Published at: June 22, 2021 at 05:15PM

June 22, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-4264

A cross-site scripting vulnerability was found in Vanilla Forums before 2.0.10, where a filename could contain arbitrary code to execute on the client side.
Published at: June 22, 2021 at 05:15PM

June 22, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-2926

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: June 23, 2021 at 06:15PM

June 23, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-1955

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: June 23, 2021 at 06:15PM

June 23, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-1942

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: June 23, 2021 at 06:15PM

June 23, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-1177

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: June 23, 2021 at 06:15PM

June 23, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-0023

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: June 23, 2021 at 05:15PM

June 23, 2021 at 07:36PM

via National Vulnerability Database

