The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which...
Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command. Date published : 2020-07-08 https://www.acronis.com/en-us/blog/posts/backdoor-wide-open-critical-vulnerabilities-uncovered-geovision https://www.twcert.org.tw/tw/cp-132-3754-b77d0-1.html
An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit...
An integer underflow vulnerability in the dnsproxyd component of the PAN-OS management interface allows authenticated administrators to issue a command from the command line interface that causes the component to stop responding. Repeated attempts...
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; and all...
Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol. These cloud services include Cortex Data Lake, the Customer Support Portal, and the Prisma...
An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section. Date published :...
An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section. Date published : 2020-07-08 https://discuss.phplist.org/t/phplist-3-5-5-has-been-released/6377 phpList 3.5.5 released: Security fixes and more
Server-Side Template Injection and arbitrary file disclosure on Camel templating components Date published : 2020-07-08 https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E https://www.oracle.com/security-alerts/cpuApr2021.html
Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposure that can result in an elevation...
"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy." Date published : 2020-07-07 https://support.hcltechsw.com/csm?id=kb_article&sys_id=cd5030b4dbbd101855f38d6d13961958 https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080574
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame." Date published : 2020-07-07 https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080572&sys_kb_id=3668a078dbb9101855f38d6d13961955 https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080572
WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponent, messageID, or to parameter. Date published : 2020-07-07 https://sourceforge.net/p/webchess/bugs/81/
Froala Editor before 3.2.3 allows XSS. Date published : 2020-07-07 http://packetstormsecurity.com/files/158300/Froala-WYSIWYG-HTML-Editor-3.1.1-Cross-Site-Scripting.html https://blog.compass-security.com/2020/07/yet-another-froala-0-day-xss/