PostSRSd before 1.11 allows a denial of service (subprocess hang) if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur...
Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITYSYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%Securepoint SSL...
Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel. Date published : 2021-06-28 https://github.com/whiteleaf7/narou/blob/develop/ChangeLog.md#380-20210627 https://vuln.ryotak.me/advisories/51
Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and shell upload Date published : 2021-06-28 https://packetstormsecurity.com/files/163282/Online-Pet-Shop-We-App-1.0-SQL-Injection-Shell-Upload.html https://www.sourcecodester.com/php/14839/online-pet-shop-we-app-using-php-and-paypal-free-source-code.html
Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via the User Avatar attribute. Date published : 2021-06-28 https://zammad.com/en/advisories/zaa-2021-06
Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information. Date published : 2021-06-28 https://zammad.com/en/advisories/zaa-2021-04
Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information via the Ticket Article detail view. Date published : 2021-06-28 https://zammad.com/en/advisories/zaa-2021-05
Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0.0 could allow remote attackers to manipulate users into visiting the attackers’ page. Date published : 2021-06-28 https://zammad.com/en/advisories/zaa-2021-07
Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing. Date published : 2021-06-28 https://zammad.com/en/advisories/zaa-2021-02
Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a ‘note’ field to store additional information. Date published...
Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to insufficient url sanitization on booting.aspx. Date published : 2021-06-28 https://github.com/umbraco/Umbraco-CMS/issues/9782
main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter. Date published : 2021-06-28 https://github.com/chamilo/chamilo-lms/commit/005dc8e9eccc6ea35264064ae09e2e84af8d5b59 https://github.com/chamilo/chamilo-lms/commit/f7f93579ed64765c2667910b9c24d031b0a00571
The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address. Date published : 2021-06-28 https://www.openwall.com/lists/oss-security/2021/06/28/2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JB2VTJ3G2ILYWH5Y2FTY2PUHT2MD6VMI/
Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS). When Prism is used to highlight untrusted (user-given) text, an attacker can craft a string...