CVE-2021-35336
Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Access Control. A vulnerability in the Tieline Web Administrative Interface could allow an unauthenticated user to access a sensitive part of the system...
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Between (and including) versions 13.1RC1 and 13.1, the reset password form reveals the email address of users...
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A cross-site request forgery vulnerability exists in versions prior to 12.10.5, and in versions 13.0 through 13.1....
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A vulnerability exists in versions prior to 12.6.88, 12.10.4, and 13.0. The script service method used to...
Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. Date published : 2021-07-01 https://raxis.com/blog/cve-2021-31813 https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2021-31813.html
A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the ‘email’ POST parameter in adminprofile.php. Date published : 2021-07-01...
Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 allow remote authenticated users to execute arbitrary SQL commands via the ‘editid’ GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the ‘searchdata’ POST parameter in search.php....
An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur. Date published : 2021-07-01 https://advisories.stormshield.eu https://advisories.stormshield.eu/2021-006
Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller (F4-SNC) user an unintended level of access to the controller’s file system, allowing them to access or modify system...
An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows programs. Date published : 2021-07-01 https://us-cert.cisa.gov/ics/advisories/icsa-21-182-02 https://www.johnsoncontrols.com/cyber-solutions/security-advisories
When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET, PC10PE, PC10PE-16/16P, PC10E, FL/ET-T-V2H, PC10B, PC10B-P, Nano CPU,...
There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS. Date published : 2021-07-01 https://consumer.huawei.com/en/support/bulletin/2021/5/
There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS. Date published : 2021-07-01 https://consumer.huawei.com/en/support/bulletin/2021/5/
There is a Configuration Defect vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service integrity and availability. Date published : 2021-07-01 https://consumer.huawei.com/en/support/bulletin/2021/5/