CVE-2020-13476
NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module. Date published : 2020-12-28 https://tejaspingulkar.blogspot.com/2020/12/cve-2020-13475-nch-accounts-cross-site.html
In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users. Date published : 2020-12-28 CVE-2020-13474: NCH Express Accounts- Privilege Escalation...
NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file. Date published : 2020-12-28 CVE-2020-13473: NCH Account-Clear Text Password Storage https://tejaspingulkar.blogspot.com/2020/12/cve-2020-13473-nch-account-clear-text.html
WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also...
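The bug class behind the WavPack entry, an integer overflow in the size passed to malloc so that the buffer ends up far smaller than what is later written into it, modelled here as an added Python example. This is not WavPack's code: the three-factor product and its variable names (sample_count, channels, bytes_per_sample) are an illustrative stand-in for whatever expression pack_utils.c actually computes, and the inputs are constructed. The point it shows is that unsigned C arithmetic wraps silently, so the check has to be done by division before each multiply rather than by inspecting the result afterwards.

```python
from typing import Optional

# Illustrative model only: these names and this expression are not the actual
# computation in WavPack's pack_utils.c.


def c_mul(a: int, b: int, bits: int = 32) -> int:
    """Multiply as an unsigned C integer of `bits` width: the product wraps
    modulo 2**bits instead of raising, which is what malloc() then receives."""
    return (a * b) & ((1 << bits) - 1)


def naive_alloc_size(sample_count: int, channels: int, bytes_per_sample: int,
                     bits: int = 32) -> int:
    """What `malloc(sample_count * channels * bytes_per_sample)` gets when the
    product wraps. Large but plausible inputs yield a tiny, even zero, size."""
    return c_mul(c_mul(sample_count, channels, bits), bytes_per_sample, bits)


def checked_alloc_size(sample_count: int, channels: int, bytes_per_sample: int,
                       bits: int = 32) -> Optional[int]:
    """Same product, but return None instead of wrapping. Each factor is
    bounded by division first; the product is never formed unless it fits."""
    size_max = (1 << bits) - 1
    if channels == 0 or bytes_per_sample == 0:
        return 0
    if sample_count > size_max // channels:
        return None
    frames = sample_count * channels
    if frames > size_max // bytes_per_sample:
        return None
    return frames * bytes_per_sample


def bytes_needed(sample_count: int, channels: int, bytes_per_sample: int) -> int:
    """How many bytes the packing loop will actually write (Python ints do not wrap)."""
    return sample_count * channels * bytes_per_sample


def naive_overflows(sample_count: int, channels: int, bytes_per_sample: int,
                    bits: int = 32) -> bool:
    """True when the wrapped allocation is smaller than what gets written:
    the out-of-bounds write condition the advisory describes."""
    return bytes_needed(sample_count, channels, bytes_per_sample) > \
        naive_alloc_size(sample_count, channels, bytes_per_sample, bits)


if __name__ == "__main__":
    # Constructed inputs: a benign request and two that wrap a 32-bit size_t.
    for case in [(1024, 2, 2), (0x40000000, 4, 4), (0x20000001, 2, 4)]:
        print(f"{case}: malloc gets {naive_alloc_size(*case)}, "
              f"needs {bytes_needed(*case)}, "
              f"checked -> {checked_alloc_size(*case)}, "
              f"overflow={naive_overflows(*case)}")
```

On a 64-bit build the same inputs fit (pass `bits=64`), which is why this class of bug often survives testing on developer machines and only shows up on 32-bit targets or with header values chosen by an attacker.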
GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join is misused. Date published : 2020-12-27 https://github.com/liftoff/GateOne/issues/747 https://rmb122.com/2019/08/28/Ogeek-Easy-Realworld-Challenge-1-2-Writeup/
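The os.path.join misuse behind the GateOne entry, shown as an added Python example rather than GateOne's own handler code. The download root below is a hypothetical path, and the request strings are constructed. The vulnerable function reproduces the pattern the advisory describes; the safe one rejects anything that resolves outside the root, including the two ways join() betrays you: ".." components and an absolute second argument, which makes join() discard the root entirely.

```python
import posixpath
from typing import Optional

# Hypothetical download root; GateOne's real setting and path are not reproduced here.
DOWNLOADS_ROOT = "/var/lib/gateone/downloads"


def vulnerable_resolve(requested: str, root: str = DOWNLOADS_ROOT) -> str:
    """The misuse the advisory describes: the client-controlled path is handed
    straight to os.path.join. ".." walks back out of `root`, and an absolute
    `requested` makes join() throw `root` away altogether."""
    return posixpath.normpath(posixpath.join(root, requested))


def safe_resolve(requested: str, root: str = DOWNLOADS_ROOT) -> Optional[str]:
    """Return the path under `root` for `requested`, or None if the request
    would escape `root`. The check is on the normalised result, not the input,
    so encodings such as "a/../../x" are caught as well as a plain "../"."""
    root_abs = posixpath.abspath(root)
    # A leading "/" would otherwise replace root; treat every request as relative.
    candidate = posixpath.abspath(posixpath.join(root_abs, requested.lstrip("/")))
    # commonpath compares whole components, so a sibling directory such as
    # "/var/lib/gateone/downloads2" is not accepted the way a prefix test would.
    if posixpath.commonpath([root_abs, candidate]) != root_abs:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed request paths, not captured GateOne traffic.
    for req in ["reports/q1.pdf", "../../../../etc/passwd", "/etc/shadow", "a/../../x"]:
        print(f"{req!r:28} vulnerable -> {vulnerable_resolve(req)}")
        print(f"{'':28} safe       -> {safe_resolve(req)}")
```

Two caveats for real deployments: the request path must be URL-decoded before this check runs (the advisory's trigger is the literal `/downloads/..` in the URL), and the check is lexical, so a symlink inside the root can still point outside it; resolve with os.path.realpath before comparing if the download directory is writable by anyone other than the service.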
Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG...
CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php. Date published : 2020-12-27 https://github.com/cbkhwx/cxuucmsv3/issues/3
CXUUCMS V3 allows XSS via a form input of class="layui-input". Date published : 2020-12-27 https://github.com/cbkhwx/cxuucmsv3/issues/2
XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java. Date published : 2020-12-27 https://github.com/xuxueli/xxl-job/issues/2083
The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action. Date published : 2020-12-27 https://github.com/Ko-kn3t/CVE-2020-29156 https://raw.githubusercontent.com/woocommerce/woocommerce/master/changelog.txt
Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local...
Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible...
Spamsniper 5.0 through 5.2.7 contains a stack-based buffer overflow caused by improper boundary checks when parsing the MAIL FROM command, allowing a remote attacker to execute arbitrary code via a crafted packet. Date published :...
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter. Date published : 2020-12-26 http://packetstormsecurity.com/files/160798/Klog-Server-2.4.1-Command-Injection.html http://packetstormsecurity.com/files/161123/Klog-Server-2.4.1-Command-Injection.html