Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation. Date published : 2020-09-24 https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0010 https://www.mitel.com/support/security-advisories
Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization. Date published : 2020-09-24 https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0010 https://www.mitel.com/support/security-advisories
An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127×9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on the target machine. Commands are executed as...
A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin (or other) users after an authenticated admin visits a third-party site or clicks...
Untis WebUntis before 2020.9.6 allows XSS in multiple functions that store information. Date published : 2020-09-24 https://help.untis.at/hc/en-150/articles/360008456699 Notenmanipulation in elektronischen Klassenbüchern
SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php via the f_marked_files_id parameter. Date published : 2020-09-24 http://www.cnvd.org.cn/flaw/show/CNVD-2019-09870
Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. The vulnerability allows a local...
The ping page of the administration panel in Telmat AccessLog
The login page in Telmat AccessLog
An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed tag. Date published : 2020-09-24 https://github.com/laurent22/joplin/releases/tag/v1.1.4 http://packetstormsecurity.com/files/159316/Joplin-1.0.245-Cross-Site-Scripting-Code-Execution.html
Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows remote users to access unencrypted backup repositories and the Nakivo Controller configuration via a network accessible transporter service. It is also...
Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users...
ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%ActiveFaxClient, %PROGRAMFILES%ActiveFaxInstall and %PROGRAMFILES%ActiveFaxTerminal. The folder permissions allow "Full Control" to "Everyone". An authenticated local...
In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property ‘portlet.resource.id.banned.paths.regexp’ can be bypassed with doubled encoded URLs. Date published : 2020-09-24 https://issues.liferay.com/browse/LPE-17046 https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119772204