Saturday, August 21, 2021

Weekly Digest: New diabetes clinical trial (16 items)

New diabetes clinical trial: Freestyle Libre and Hospital Admissions in Type 2 Diabetes

Published on: August 09, 2021 at 07:00PM
Condition:   Type 2 Diabetes
Interventions:   Device: Freestyle libre;   Other: Nurse led structured intervention - hypoglycaemia education and diabetes treatment modification
Sponsors:   University of Leeds;   Abbott Diabetes Care
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04997512?term=diabetes&sfpd_d=14 August 09, 2021 at 05:22PM

via ClinicalTrials.gov


New diabetes clinical trial: Impact of Obesity, Chronic Kidney Disease and Type 2 Diabetes on Human Urinary Stem Cells

Published on: August 10, 2021 at 07:00PM
Conditions:   Chronic Kidney Diseases;   Obesity;   Stem Cells;   Diabetes type2
Intervention:   Biological: urine collection
Sponsor:   Hospices Civils de Lyon
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04998461?term=diabetes&sfpd_d=14 August 10, 2021 at 05:23PM

via ClinicalTrials.gov


New diabetes clinical trial: The Effectiveness of Using a Mobile Application for Type 2 Diabetes Self-care

Published on: August 10, 2021 at 07:00PM
Conditions:   Type 2 Diabetes;   Diabetes Mellitus, Type 2;   Disease, Chronic;   Self-Care;   Health Behavior;   Mobile Apps;   Mobile Phone Use
Intervention:   Other: Mobile app forDiabetes (Tessera Multimedia, 2020)
Sponsor:   University Maribor
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04999189?term=diabetes&sfpd_d=14 August 10, 2021 at 05:23PM

via ClinicalTrials.gov


New diabetes clinical trial: A Study of Efficacy and Safety of Supaglutide in Type 2 Diabetes Patients On Metformin Treatment

Published on: August 10, 2021 at 07:00PM
Condition:   Type2 Diabetes
Interventions:   Biological: supaglutide injection+metformin;   Other: placebo+metformin
Sponsor:   Shanghai Yinnuo Pharmaceutical Technology Co., Ltd.
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04998032?term=diabetes&sfpd_d=14 August 10, 2021 at 05:23PM

via ClinicalTrials.gov


New diabetes clinical trial: Characteristics of NAFLD Among Type 2 Diabetes Patients

Published on: August 10, 2021 at 07:00PM
Conditions:   Non-Alcoholic Fatty Liver Disease;   Type2 Diabetes
Intervention:   Other: Screening and studying characteristics
Sponsors:   Hasselt University;   Ziekenhuis Oost-Limburg
Recruiting
https://clinicaltrials.gov/ct2/show/NCT04999124?term=diabetes&sfpd_d=14 August 10, 2021 at 05:23PM

via ClinicalTrials.gov


New diabetes clinical trial: Establishment and Preliminary Evaluation of Digital Three Level Linkage Whole Process Diabetes Management System

Published on: August 11, 2021 at 07:00PM
Condition:   Diabetes Mellitus
Interventions:   Behavioral: Traditional mode of management;   Behavioral: Mobile APP management
Sponsor:   Chongqing Renji Hospital, University of Chinese Academy of Sciences
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04999722?term=diabetes&sfpd_d=14 August 11, 2021 at 05:22PM

via ClinicalTrials.gov


New diabetes clinical trial: Zinc Supplementation Improves Cardiovascular Morbidity in Patients With Diabetes Mellitus

Published on: August 11, 2021 at 07:00PM
Conditions:   Diabetes Mellitus, Type 2;   Cardiovascular Diseases
Intervention:   Dietary Supplement: Zinc
Sponsors:   Wayne State University;   QPathology
Recruiting
https://clinicaltrials.gov/ct2/show/NCT05000762?term=diabetes&sfpd_d=14 August 11, 2021 at 05:22PM

via ClinicalTrials.gov


New diabetes clinical trial: Integrating Abbott Point-of-Care Technologies and the Community Scientist Model to Support HbA1c Testing Per ADA

Published on: August 11, 2021 at 07:00PM
Conditions:   Diabetes Mellitus, Type 2;   Cardiovascular Diseases
Intervention:   Behavioral: Enrollment in existing SDRI diabetes education programs
Sponsors:   Sansum Diabetes Research Institute;   Abbott
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT05000840?term=diabetes&sfpd_d=14 August 11, 2021 at 05:22PM

via ClinicalTrials.gov


New diabetes clinical trial: Telemedicine-Delivered Cognitive Behavioral Therapy to Reduce Diabetes Distress

Published on: August 11, 2021 at 07:00PM
Condition:   Type 1 Diabetes
Intervention:   Behavioral: Telemedicine-Delivered Cognitive Behavioral Therapy
Sponsors:   Albert Einstein College of Medicine;   Juvenile Diabetes Research Foundation;   DexCom, Inc.
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT05000021?term=diabetes&sfpd_d=14 August 11, 2021 at 05:22PM

via ClinicalTrials.gov


New diabetes clinical trial: A Clinical Efficacy and Safety Study of Insulin Glargine U300 in Chinese Adult Patients With Uncontrolled Type 2 Diabetes Mellitus With a 3-month Extension Period

Published on: August 12, 2021 at 07:00PM
Condition:   Type 2 Diabetes Mellitus
Intervention:   Drug: Insulin glargine 300 U/ml
Sponsor:   Sanofi
Recruiting
https://clinicaltrials.gov/ct2/show/NCT05002933?term=diabetes&sfpd_d=14 August 12, 2021 at 04:22PM

via ClinicalTrials.gov


New diabetes clinical trial: Digitalized Management Exploration for Gestational Diabetes Mellitus in China

Published on: August 12, 2021 at 07:00PM
Condition:   Gestational Diabetes Mellitus in Pregnancy
Intervention:   Other: Digitalized management
Sponsors:   Women's Hospital School Of Medicine Zhejiang University;   Hangzhou Jianhai Technology Company Limited;   Quzhou Maternal and Child Health Care Hospital
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT05003154?term=diabetes&sfpd_d=14 August 12, 2021 at 04:22PM

via ClinicalTrials.gov


New diabetes clinical trial: CSII Versus MDI in Pregnant Women With Type 2 Diabetes

Published on: August 12, 2021 at 07:00PM
Conditions:   Type 2 Diabetes;   Pregnancy in Diabetic
Interventions:   Device: Continuous subcutaneous insulin infusion (CSII);   Device: Multiple daily insulin injection (MDI)
Sponsor:   Peking University Third Hospital
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT05001815?term=diabetes&sfpd_d=14 August 12, 2021 at 04:22PM

via ClinicalTrials.gov


New diabetes clinical trial: Exercise Intervention Combined With Metformin in the Treatment of Type 2 Diabetes

Published on: August 13, 2021 at 07:00PM
Condition:   Type 2 Diabetes
Intervention:   Other: Exercise training
Sponsor:   Prince Sattam Bin Abdulaziz University
Completed
https://clinicaltrials.gov/ct2/show/NCT05004948?term=diabetes&sfpd_d=14 August 13, 2021 at 03:22PM

via ClinicalTrials.gov


New diabetes clinical trial: The Effects of Glucose Control and Weight Loss Between Beinaglutide and Dulaglutide in Type 2 Diabetes With Overweight or Obesity.

Published on: August 13, 2021 at 07:00PM
Conditions:   Diabetes Mellitus, Type 2;   Overweight or Obesity
Interventions:   Drug: Beinaglutide;   Drug: Dulaglutide
Sponsors:   Second Xiangya Hospital of Central South University;   Guangdong Provincial People's Hospital;   First Affiliated Hospital of Harbin Medical University;   The First Affiliated Hospital of Henan University of Science and Technology
Recruiting
https://clinicaltrials.gov/ct2/show/NCT05005741?term=diabetes&sfpd_d=14 August 13, 2021 at 03:22PM

via ClinicalTrials.gov


New diabetes clinical trial: Safety of Cultured Allogeneic Adult Umbilical Cord Derived Mesenchymal Stem Cell Intravenous Infusion for Diabetes

Published on: August 13, 2021 at 07:00PM
Condition:   Diabetes
Intervention:   Biological: AlloRx
Sponsor:   The Foundation for Orthopaedics and Regenerative Medicine
Recruiting
https://clinicaltrials.gov/ct2/show/NCT05003908?term=diabetes&sfpd_d=14 August 13, 2021 at 03:22PM

via ClinicalTrials.gov


New diabetes clinical trial: A Study to Learn More About Chronic Kidney Disease (CKD) in Patients With Type 2 Diabetes Mellitus (T2DM)

Published on: August 13, 2021 at 07:00PM
Conditions:   Type 2 Diabetes Mellitus;   Chronic Kidney Disease
Intervention:   Other: No intervention
Sponsor:   Bayer
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT05004428?term=diabetes&sfpd_d=14 August 13, 2021 at 03:22PM

via ClinicalTrials.gov


Weekly Digest: a new vulnerability is published on the National Vulnerability Database (64 items)

New vulnerabilities from the NVD: CVE-2020-36434

An issue was discovered in the sys-info crate before 0.8.0 for Rust. sys_info::disk_info calls can trigger a double free.
Published at: August 08, 2021 at 09:15AM
View on website

August 08, 2021 at 01:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-36433

An issue was discovered in the chunky crate through 2020-08-25 for Rust. The Chunk API does not honor an alignment requirement.
Published at: August 08, 2021 at 09:15AM
View on website

August 08, 2021 at 01:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-36432

An issue was discovered in the alg_ds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new().
Published at: August 08, 2021 at 09:15AM
View on website

August 08, 2021 at 01:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-17865

** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Published at: August 09, 2021 at 10:15PM
View on website

August 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-17862

** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Published at: August 09, 2021 at 10:15PM
View on website

August 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-17861

** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Published at: August 09, 2021 at 10:15PM
View on website

August 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-7731

SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the keystream and other sensitive information via the DataVault, aka SAP Security Note 2094830.
Published at: August 09, 2021 at 10:15PM
View on website

August 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-2074

The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681.
Published at: August 09, 2021 at 10:15PM
View on website

August 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-2073

The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682.
Published at: August 09, 2021 at 10:15PM
View on website

August 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-9320

SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905.
Published at: August 09, 2021 at 10:15PM
View on website

August 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-6276

** UNSUPPORTED WHEN ASSIGNED ** QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models.
Published at: August 09, 2021 at 09:15PM
View on website

August 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-4718

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search.
Published at: August 09, 2021 at 10:15PM
View on website

August 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-4717

Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm.
Published at: August 09, 2021 at 10:15PM
View on website

August 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-24742

An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
Published at: August 10, 2021 at 01:15AM
View on website

August 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-24741

An issue has been fixed in Qt versions 5.14.1 and 5.12.7 where QLibrary attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
Published at: August 10, 2021 at 01:15AM
View on website

August 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-23151

rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped.
Published at: August 10, 2021 at 02:15AM
View on website

August 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-23150

A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php.
Published at: August 10, 2021 at 02:15AM
View on website

August 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-23149

The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information.
Published at: August 10, 2021 at 02:15AM
View on website

August 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-23148

The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform an LDAP injection and obtain sensitive information via a crafted POST request.
Published at: August 10, 2021 at 02:15AM
View on website

August 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-28397

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once.
Published at: August 10, 2021 at 02:15PM
View on website

August 10, 2021 at 03:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25082

An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy.
Published at: August 10, 2021 at 08:15PM
View on website

August 10, 2021 at 09:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-23172

A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives.
Published at: August 10, 2021 at 08:15PM
View on website

August 10, 2021 at 09:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-23171

A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file.
Published at: August 10, 2021 at 08:15PM
View on website

August 10, 2021 at 09:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21697

A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows attackers to cause a denial of service (DOS) via a crafted avi file.
Published at: August 11, 2021 at 12:15AM
View on website

August 11, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21690

A memory leak in the grow_array function in cmdutils.c of FFmpeg 4.2 allows attackers to cause a denial of service (DOS) via a crafted ogg file.
Published at: August 11, 2021 at 12:15AM
View on website

August 11, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21688

A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.
Published at: August 11, 2021 at 12:15AM
View on website

August 11, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21684

A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.
Published at: August 11, 2021 at 12:15AM
View on website

August 11, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21683

A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.
Published at: August 11, 2021 at 12:15AM
View on website

August 11, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21682

A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.
Published at: August 11, 2021 at 12:15AM
View on website

August 11, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21681

A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.
Published at: August 11, 2021 at 12:15AM
View on website

August 11, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21680

A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.
Published at: August 11, 2021 at 12:15AM
View on website

August 11, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21678

A global buffer overflow in the genmp_writefontmacro_latex component in genmp.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into mp format.
Published at: August 11, 2021 at 12:15AM
View on website

August 11, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21677

A heap-based buffer overflow in the sixel_encoder_output_without_macro function in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial of service (DOS) via converting a crafted PNG file into Sixel format.
Published at: August 11, 2021 at 12:15AM
View on website

August 11, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21676

A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.
Published at: August 11, 2021 at 12:15AM
View on website

August 11, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21675

A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format.
Published at: August 11, 2021 at 12:15AM
View on website

August 11, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21930

A stored cross site scripting (XSS) vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML.
Published at: August 11, 2021 at 01:15AM
View on website

August 11, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21929

A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML.
Published at: August 11, 2021 at 01:15AM
View on website

August 11, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25052

In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.
Published at: August 11, 2021 at 06:15PM
View on website

August 11, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21363

An arbitrary file deletion vulnerability exists within Maccms10.
Published at: August 12, 2021 at 12:15AM
View on website

August 12, 2021 at 01:34AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21362

A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter.
Published at: August 12, 2021 at 12:15AM
View on website

August 12, 2021 at 01:34AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21359

An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers to bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name.
Published at: August 12, 2021 at 12:15AM
View on website

August 12, 2021 at 01:34AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-16632

In SapphireIMS 4097_1, the password in the database is stored in Base64 format.
Published at: August 12, 2021 at 12:15AM
View on website

August 12, 2021 at 01:34AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-16631

In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality.
Published at: August 12, 2021 at 12:15AM
View on website

August 12, 2021 at 01:34AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-16630

In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function.
Published at: August 12, 2021 at 12:15AM
View on website

August 12, 2021 at 01:34AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-16629

In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The application failed to identify the user. Please contact administrator for help." For "Correct User and Incorrect Password" - it gives an error "Authentication failed. Please login again."
Published at: August 12, 2021 at 12:15AM
View on website

August 12, 2021 at 01:34AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20981

A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information.
Published at: August 12, 2021 at 06:15PM
View on website

August 12, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20979

An arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code.
Published at: August 12, 2021 at 06:15PM
View on website

August 12, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20977

A stored cross site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section.
Published at: August 12, 2021 at 06:15PM
View on website

August 12, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20975

In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter.
Published at: August 12, 2021 at 06:15PM
View on website

August 12, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18446

Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the param parameter in the insertContent function in ContentModel.php.
Published at: August 12, 2021 at 08:15PM
View on website

August 12, 2021 at 09:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18445

Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the upurl function in Page.php.
Published at: August 12, 2021 at 08:15PM
View on website

August 12, 2021 at 09:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18464

Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in video_list.php, which can let a malicious user delete movie information.
Published at: August 12, 2021 at 10:15PM
View on website

August 12, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18463

Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in video_list.php, which can let a malicious user delete a video message.
Published at: August 12, 2021 at 10:15PM
View on website

August 12, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18462

File Upload vulnerability in AikCms v2.0.0 in poster_edit.php because the background file management office does not verify the uploaded file.
Published at: August 12, 2021 at 10:15PM
View on website

August 12, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18460

Cross Site Request Forgery (CSRF) vulnerability exists in 711cms v1.0.7 that can add an admin account via admin.php?c=Admin&m=content.
Published at: August 12, 2021 at 10:15PM
View on website

August 12, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18458

Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd.
Published at: August 12, 2021 at 10:15PM
View on website

August 12, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18457

Cross Site Request Forgery (CSRF) vulnerability exists in bycms v1.3.0 that can add an admin account via admin.php/ucenter/add.html.
Published at: August 12, 2021 at 09:15PM
View on website

August 12, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18456

Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via the title parameter in the mod function in SingleController.php.
Published at: August 12, 2021 at 09:15PM
View on website

August 12, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18455

Cross Site Scripting (XSS) vulnerability exists in bycms v3.0.4 via the title parameter in the edit function in Document.php.
Published at: August 12, 2021 at 09:15PM
View on website

August 12, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18454

Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admin.php/systems/index/module_id/70/group_id/1.html.
Published at: August 12, 2021 at 09:15PM
View on website

August 12, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18451

Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php.
Published at: August 12, 2021 at 09:15PM
View on website

August 12, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18449

Cross Site Scripting (XSS) vulnerability exists in UKCMS v1.1.10 via data in the index function in Single.php.
Published at: August 12, 2021 at 09:15PM
View on website

August 12, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18754

An information disclosure vulnerability exists within Dut Computer Control Engineering Co.'s PLC MAC1100.
Published at: August 13, 2021 at 08:15PM
View on website

August 13, 2021 at 09:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18753

An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to gain access to the system and escalate privileges via a crafted packet.
Published at: August 13, 2021 at 08:15PM
View on website

August 13, 2021 at 09:33PM

via National Vulnerability Database