Monthly Archive: July 2021

PEEL Shopping version 9.4.0 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands. Upon a successful SQL injection attack,...

In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data. Date published : 2021-07-27 https://eprint.iacr.org/2020/460 https://github.com/JHUISI/charm/blob/dev/charm/schemes/abenc/abenc_yct14.py

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data. Date published : 2021-07-27 https://eprint.iacr.org/2020/460 https://github.com/JHUISI/charm/issues/276

replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to gain root privileges via a symlink attack on /tmp/replay-sorcery or /tmp/replay-sorcery/device.sock. Date published : 2021-07-27 http://www.openwall.com/lists/oss-security/2021/07/27/1 https://github.com/matanui159/ReplaySorcery/releases

Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashboard/system/environment/logging.php Logging::update_logging() method. User input passed through the logFile request parameter is not properly sanitized before being used in a call...

PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception. Date published : 2021-07-27 https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2021-01.html https://doc.powerdns.com/authoritative/security-advisories/index.html

engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). There is no escaping in the nickname field on the user list page. When viewing this page, the JavaScript code will be executed in the...

Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the...

Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link...

Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All parameters used for filtering are affected. This affects users who open a crafted...

An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as...

Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php (aka p=products) via the c or s parameter. Date published : 2021-07-27 http://packetstormsecurity.com/files/163282/Online-Pet-Shop-We-App-1.0-SQL-Injection-Shell-Upload.html https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-35458

A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges. Date published : 2021-07-27 https://neo4j.com https://neo4j.com/developer/kb/neo4j-4-2-x-sec-vuln-fix/

In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0. Date published : 2021-07-27 https://bugs.eclipse.org/bugs/show_bug.cgi?id=574141