Monthly Archive: May 2021

A flaw was found in Samba’s libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request....

A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the...

A vulnerability has been identified in SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 4). Specially crafted...

A command injection vulnerability has been reported to affect certain versions of Malware Remover. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Malware Remover versions...

An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability allows attackers to compromise the security of the software by gaining privileges, reading sensitive information,...

An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block’s size to be allocated by calloc(). As a result, the actual memory...

Deskpro Cloud Platform and on-premise 2020.2.3.48207 from 2020-07-30 contains a cross-site scripting (XSS) vulnerability that can lead to an account takeover via custom email templates. Date published : 2021-05-12 https://www.r29k.com/articles/bb/stored-xss-in-deskpro

An unauthenticated remote attacker could create a permanent denial-of-service condition by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device on the SCALANCE XM-400, XR-500 (All versions...

A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into...

A vulnerability has been identified in SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants)...

An Arbitrary File Upload vulnerability was discovered in the Golo Laravel theme v 1.1.5. Date published : 2021-05-12 https://codecanyon.net/item/golo-city-guide-laravel-theme/25785389 https://github.com/vladvector/vladvector.github.io/blob/master/exploit/2020-07-02-golo-business-listing-city-travel-guide-laravel-theme-v1-1-5.txt

An Information Disclosure vulnerability exists in dhcms 2017-09-18 when entering invalid characters after the normal interface, which causes an error that will leak the physical path. Date published : 2021-05-12 https://github.com/ShaoGongBra/dhcms/issues/4

A Cross SIte Scripting (XSS) vulnerability exists in Dhcms 2017-09-18 in guestbook via the message board, which could let a remote malicious user execute arbitrary code. Date published : 2021-05-12 https://github.com/ShaoGongBra/dhcms/issues/3

Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Website SEO Keywords" field on the page "admin/info.php?shuyu". Date published : 2021-05-12 https://github.com/Cumtyuanfeng/Laobancms/blob/master/vuln.md