Monthly Archive: July 2021

An XML External Entity (XXE) issue exists in Kaseya VSA before 9.5.6. Date published : 2021-07-09 https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure/

Local file inclusion exists in Kaseya VSA before 9.5.6. Date published : 2021-07-09 https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure/

Kaseya VSA through 9.5.7 allows attackers to bypass the 2FA requirement. Date published : 2021-07-09 https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure/

Cross Site Scripting (XSS) exists in Kaseya VSA before 9.5.7. Date published : 2021-07-09 https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure/

Kaseya VSA before 9.5.5 allows remote code execution. Date published : 2021-07-09 https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure/

SQL injection exists in Kaseya VSA before 9.5.6. Date published : 2021-07-09 https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure/

Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. Date published : 2021-07-09 https://csirt.divd.nl/2021/07/04/Kaseya-Case-Update-2/ https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure/

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end...

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within...

A maliciously crafted TIFF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited...

A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can occur when processing a maliciously crafted PDF file. An attacker can leverage this to execute arbitrary code. Date published :...

A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to attempt to free an object that has already been freed while parsing them....

A maliciously crafted PCX, PICT, RCL or TIFF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to write beyond the allocated buffer while parsing PCX, PDF, PICT, RCL or...

A maliciously crafted TIFF, PICT, TGA, or DWF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA or DWF...