Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role). Date published : 2020-12-30 https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt https://github.com/plone/Products.CMFPlone/issues/3209
Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role). Date published : 2020-12-30 https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt https://github.com/plone/Products.CMFPlone/issues/3209
Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role. Date published : 2020-12-30 https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt https://github.com/plone/Products.CMFPlone/issues/3209
In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP. Date published : 2020-12-30 http://packetstormsecurity.com/files/160750/Mantis-Bug-Tracker-2.24.3-SQL-Injection.html https://ethicalhcop.medium.com/cve-2020-28413-blind-sql-injection-en-mantis-bug-tracker-2-24-3-api-soap-54238f8e046d
Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) vulnerability by inserting a payload within the X-Forwarded-For HTTP header during the login process. When an administrator looks at logs, the payload is executed. NOTE: This vulnerability...
On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop. Date published : 2020-12-30...
dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate results of a REST endpoints do not sanitize the orderBy parameter and in...
util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call. Date published : 2020-12-30 http://web.archive.org/web/20200530054359/https://docs.docker.com/engine/release-notes/ https://github.com/moby/buildkit/pull/1462
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Vega in an npm package. In Vega before version 5.17.3 there is an XSS vulnerability in Vega expressions....
URI.js is a javascript URL mutation library (npm package urijs). In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash (“) character followed by an at (`@`) character. If the...
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords involved in...
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted...
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. Date published : 2020-12-30 https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-remote-code-injection/execution-vulnerability-%28cve-2020-19664%29/ https://github.com/minghangshen/bug_poc
USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069. Date published...