CVE-2020-35430
SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem. Date published : 2021-04-29 https://gitee.com/inxeduopen/inxedu/issues/I294XL
An issue was found in yii2_fecshop 2.x. There is a reflected XSS vulnerability in the check cart page. Date published : 2021-04-29 https://github.com/fecshop/yii2_fecshop/commit/8fac6455882333cfe3d81c4121d523813e28e31a https://github.com/fecshop/yii2_fecshop/issues/87
An issue was discovered in vtiger crm 7.2. Union SQL injection in the calendar exportdata feature. Date published : 2021-04-29 https://cloud.tencent.com/developer/article/1612208
An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI
Smartwares HOME easy
Inim Electronics Smartliving SmartLAN/G/SI
Inim Electronics SmartLiving SmartLAN/G/SI
Emmanuel MyDomoAtHome (MDAH) REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially...
An issue was discovered in uniview ISC2500-S. This is an upload vulnerability where an attacker can upload malicious code via /Interface/DevManage/EC.php?cmd=upload Date published : 2021-04-29 https://github.com/qq1654985095/tyq
Cross Site Scripting vulnerability in Screenly screenly-ose all versions, including v1.8.2 (2019-09-25-Screenly-OSE-lite.img), in the ‘Add Asset’ page via manipulation of a ‘URL’ field, which could let a remote malicious user execute arbitrary code. Date published...
Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php". Date published : 2021-04-29 https://github.com/idreamsoft/iCMS/issues/46
Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the "CKEditorFuncNum" parameter in the component "CkeditorUploadController.java". Date published : 2021-04-29 https://github.com/zchuanzhao/jeesns/issues/8
Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into...
django-filter is a generic system for filtering Django QuerySets based on user selections. In django-filter before version 2.4.0, automatically generated `NumberFilter` instances, whose value was later converted to an integer, were subject to potential...