IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. IBM X-Force ID: 197791. Date published : 2021-06-29 https://www.ibm.com/support/pages/node/6466609 https://exchange.xforce.ibmcloud.com/vulnerabilities/197791
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
Machform prior to version 16 is vulnerable to an open redirect in Safari_init.php due to an improperly sanitized ‘ref’ parameter. Date published : 2021-06-29 https://www.tenable.com/security/research/tra-2021-25,https://www.machform.com/blog-machform-16-released/
Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php. Date published : 2021-06-29 https://www.tenable.com/security/research/tra-2021-25,https://www.machform.com/blog-machform-16-released/
Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments uploaded with forms through upload.php. Date published : 2021-06-29 https://www.tenable.com/security/research/tra-2021-25,https://www.machform.com/blog-machform-16-released/
Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place. Date published : 2021-06-29 https://www.tenable.com/security/research/tra-2021-25,https://www.machform.com/blog-machform-16-released/
Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content. Date published : 2021-06-29 https://www.tenable.com/security/research/tra-2021-25,https://www.machform.com/blog-machform-16-released/
Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on...
A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient validation of the parameter. This issue affects: Cnesty Helpcom 10.0 versions prior to. Date published...
A memory corruption vulnerability exists when ezPDF improperly handles the parameter. This vulnerability exists due to insufficient validation of the parameter. Date published : 2021-06-29 https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36099
An improper input validation vulnerability of ZOOK software (remote administration tool) could allow a remote attacker to create arbitrary file. The ZOOK viewer has the "Tight file CMD" function to create file. An attacker...
A remote code execution vulnerability exists in helpUS(remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login. Date published : 2021-06-29 https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36088
SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in SystemDatabackup.php. Date published : 2021-06-29 https://github.com/mumu0215/cve_reference/blob/master/CRMEB_system.md
Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment. Date published : 2021-06-29 https://github.com/94fzb/zrlog/issues/42