Monthly Archive: July 2021

SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid. Date published : 2021-07-12 https://github.com/SZFsir/tmpProject/issues/1 https://www.mituo.cn/news/2473.html

SQL Injection vulnerability in Metinfo 7.0.0beta in index.php. Date published : 2021-07-12 https://github.com/SZFsir/tmpProject/issues/2 https://www.mituo.cn/news/2473.html

SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language&c=language_web&a=doAddLanguage. Date published : 2021-07-12 https://github.com/SZFsir/tmpProject/issues/3 https://www.mituo.cn/news/2473.html

A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service. Date published : 2021-07-12 https://github.com/mitre/caldera/issues/462

An authenticated Stored Cross-Site Scriptiong (XSS) vulnerability exists in Lightning Wire Labs IPFire 2.21 (x86_64) – Core Update 130 in the "routing.cgi" Routing Table Entries via the "Remark" text box or "remark" parameter. It...

An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of the pfSense software WebGUI, on version 2.4.4-p2 and earlier. The widget did not encode the descr (description) parameter of wake-on-LAN entries...

A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGUI, on Netgate pfSense version 2.4.4-p2 and earlier. The page did not encode output from the filter reload...

File Deletion vulnerability in Halo 0.4.3 via delBackup. Date published : 2021-07-12 https://github.com/halo-dev/halo/issues/136

Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrption to view encrpted articles via cookies. Date published : 2021-07-12 https://github.com/halo-dev/halo/issues/135

Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl. Date published : 2021-07-12 https://github.com/halo-dev/halo/issues/127

Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters. Date published : 2021-07-12 https://github.com/halo-dev/halo/issues/134

Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via the X-forwarded-for Header parameter. Date published : 2021-07-12 https://github.com/halo-dev/halo/issues/126

SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the "username" parameter in the component "chkuser.php". Date published : 2021-07-12 https://github.com/FeMiner/wms/issues/5

A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server Manager application. Date...