Monthly Archive: August 2020

mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site...

Umanni RH 1.0 has a user enumeration vulnerability. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a...

Umanni RH 1.0 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page. Date published : 2020-08-26 https://github.com/inflixim4be/Brute-Force-on-Umanni-RH https://www.umanni.com.br/

webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search." Date published : 2020-08-26 https://sourceforge.net/p/webtareas/tickets/41/

WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) on the "connections" feature. Date published : 2020-08-26 https://github.com/r0ck3t1973/xss_payload/issues/1

PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infusions/member_poll_panel/poll_admin.php. Date published : 2020-08-26 https://github.com/php-fusion/PHP-Fusion/issues/2325

NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration." Date published : 2020-08-26 https://github.com/NavigateCMS/Navigate-CMS/issues/11

NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Content." Date published : 2020-08-26 https://github.com/NavigateCMS/Navigate-CMS/issues/12

NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration." Date published : 2020-08-26 https://github.com/NavigateCMS/Navigate-CMS/issues/11

NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module "Shop." Date published : 2020-08-26 https://github.com/NavigateCMS/Navigate-CMS/issues/10

Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user’s browser. Date published : 2020-08-26 https://github.com/halo-dev/halo/issues/547

An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user...

HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1. Date published : 2020-08-26...

HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.. Date published : 2020-08-26...