CVE-2020-19118
Cross Site Scripting (XSS) vulnerability in YzmCMS 5.2 via the site_code parameter in admin/index/init.html. Date published : 2021-07-27 https://github.com/yzmcms/yzmcms/issues/14
SQL injection vulnerability exists in Whatsns 4.0 via the ip parameter in index.php?admin_banned/add.htm. Date published : 2021-07-27 https://github.com/YangSirrr/opendebug/blob/master/whatsns/Main.md
On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request. Date published : 2021-07-27 https://www.crestron.com/Software-Firmware/Firmware/DigitalMedia/DM-XIO/1-0-3-802 https://www.security.crestron.com
A logic bug in the system monitoring driver of Acronis Agent after 12.5.21540 and before 12.5.23094 allowed bypassing Windows memory protection and accessing sensitive data. Date published : 2021-07-27 https://www.acronis.com/en-us/support/updates/index.html
The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter. Date published : 2021-07-27 http://packetstormsecurity.com/files/163538/WordPress-LearnPress-Privilege-Escalation.html LearnPress – WordPress LMS...
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. Date published : 2021-07-26 https://security.netapp.com/advisory/ntap-20210917-0005/ https://www.debian.org/security/2021/dsa-4978
TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ...
app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster. Date published : 2021-07-26 https://github.com/MISP/MISP/commit/78edbbca64a1edc4390560cc106d0d418064355d
In NavigateCMS version 2.9.4 and below, function `block` is vulnerable to SQL injection on parameter `block-order`, which results in arbitrary SQL query execution in the backend database. Date published : 2021-07-26 https://gist.github.com/victomteng1997/ed429fed7de46651c89f05e7591fd4fe https://github.com/NavigateCMS/Navigate-CMS
In NavigateCMS version 2.9.4 and below, a function in `structure.php` is vulnerable to SQL injection on parameter `children_order`, which results in arbitrary SQL query execution in the backend database. Date published : 2021-07-26 https://gist.github.com/victomteng1997/ed429fed7de46651c89f05e7591fd4fe https://github.com/NavigateCMS/Navigate-CMS
In NavigateCMS version 2.9.4 and below, a function in `product.php` is vulnerable to SQL injection on parameter `id` through a POST request, which results in arbitrary SQL query execution in the backend database. Date published...
In NavigateCMS version 2.9.4 and below, a function in `templates.php` is vulnerable to SQL injection on parameter `template-properties-order`, which results in arbitrary SQL query execution in the backend database. Date published : 2021-07-26 https://gist.github.com/victomteng1997/ed429fed7de46651c89f05e7591fd4fe https://github.com/NavigateCMS/Navigate-CMS
In NavigateCMS version 2.9.4 and below, a function in `product.php` is vulnerable to SQL injection on parameter `products-order` through a POST request, which results in arbitrary SQL query execution in the backend database. Date published...
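Four of the NavigateCMS entries above name an ordering parameter (`block-order`, `children_order`, `template-properties-order`, `products-order`). That pattern recurs across CMS code because ORDER BY cannot take a bound parameter, so developers concatenate the request value into the statement. The snippet below is an added example, not NavigateCMS code: the `items` table, its columns and rows are constructed, and sqlite3 stands in for the backend database. It shows the vulnerable concatenation beside an allowlist fix, and a CASE probe that turns the row order into a one-bit oracle, which is how such an injection is typically exploited even when the query's output is otherwise harmless.

```python
import sqlite3

# Constructed sample table; nothing here comes from NavigateCMS.
_ROWS = [(1, "alpha", 30), (2, "beta", 10), (3, "gamma", 20)]


def _connect():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER, name TEXT, position INTEGER)")
    conn.executemany("INSERT INTO items VALUES (?, ?, ?)", _ROWS)
    return conn


def list_items_vulnerable(order):
    """ORDER BY cannot be a bound parameter, so the request value is pasted
    straight into the statement. Any SQL expression the caller supplies runs."""
    conn = _connect()
    return conn.execute(
        "SELECT id, name, position FROM items ORDER BY " + order
    ).fetchall()


# The fix: never let the request choose the SQL text. Map the request value
# onto a fixed set of column names and directions and reject anything else.
ALLOWED_COLUMNS = {"id", "name", "position"}
ALLOWED_DIRECTIONS = {"ASC", "DESC"}


def list_items_hardened(order):
    parts = order.strip().split()
    if not 1 <= len(parts) <= 2:
        raise ValueError("malformed order specification")
    column = parts[0]
    direction = parts[1].upper() if len(parts) == 2 else "ASC"
    if column not in ALLOWED_COLUMNS or direction not in ALLOWED_DIRECTIONS:
        raise ValueError("order column or direction not allowed")
    conn = _connect()
    # Only values taken from the allowlists ever reach the statement text.
    return conn.execute(
        f"SELECT id, name, position FROM items ORDER BY {column} {direction}"
    ).fetchall()


def order_probe(condition):
    """Conditional ORDER BY probe: if `condition` is true the rows come back
    sorted by position, otherwise by name, so the row order leaks one bit."""
    return f"(CASE WHEN ({condition}) THEN position ELSE name END)"


def is_rejected(order):
    """True if the hardened listing refuses this order value."""
    try:
        list_items_hardened(order)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    true_probe = order_probe("(SELECT COUNT(*) FROM items) = 3")
    false_probe = order_probe("(SELECT COUNT(*) FROM items) = 4")
    print("vulnerable, condition true :", list_items_vulnerable(true_probe))
    print("vulnerable, condition false:", list_items_vulnerable(false_probe))
    print("hardened rejects probe     :", is_rejected(true_probe))
```

The probe's condition can be any subquery, so an attacker iterates it over table names, columns and characters of stored hashes, reading one bit per request from which sort order comes back. The allowlist version also refuses `id; DROP TABLE items`, since the value is never treated as SQL at all.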
In RPCMS v1.8 and below, attackers can interact with the registration API and set the "role" variable to "admin", registering an administrator account. Date published : 2021-07-26 https://gist.github.com/victomteng1997/bfa1e0e07dd22f7e0b13256eda79626f https://github.com/ralap-z/RPCMS/
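The RPCMS entry and the LearnPress entry above are two faces of the same mistake: the server lets the request decide a role. In RPCMS the registration handler binds a client-supplied "role" field onto the new account; in LearnPress an "accept-to-be-teacher" action is processed without checking that an administrator is the one accepting. The following Python is an added example, not code from either project: the `User` record, the in-memory `UserStore` and the field names are constructed, and the handlers are written to show the two failure modes next to their fixes, with the role fixed server-side at registration and the accept action gated on both the caller's stored role and a pending request.

```python
from dataclasses import dataclass


@dataclass
class User:
    username: str
    email: str = ""
    role: str = "user"                 # "user", "instructor" or "admin"
    instructor_requested: bool = False


class UserStore:
    """Constructed in-memory user table standing in for the CMS database."""

    def __init__(self):
        self._users = {}

    def add(self, user):
        self._users[user.username] = user
        return user

    def get(self, username):
        return self._users.get(username)


def register_vulnerable(store, form):
    """Binds every submitted field that matches a User attribute. A client that
    adds role=admin to the registration request gets an administrator account."""
    user = User(username=form["username"])
    for key, value in form.items():
        if hasattr(user, key):
            setattr(user, key, value)
    return store.add(user)


# Fields the public registration endpoint is allowed to accept. "role" is not
# among them; it is fixed server-side and never read from the request.
REGISTRATION_FIELDS = {"username", "email"}


def register_hardened(store, form):
    unexpected = set(form) - REGISTRATION_FIELDS
    if unexpected:
        raise ValueError("unexpected registration fields: " + ", ".join(sorted(unexpected)))
    return store.add(User(username=form["username"], email=form.get("email", ""), role="user"))


def accept_instructor_vulnerable(store, actor, target_username):
    """Handles the 'accept' action for whatever user the request names, without
    checking who is asking or whether a request was ever made."""
    target = store.get(target_username)
    target.role = "instructor"
    return target.role


def accept_instructor_hardened(store, actor, target_username):
    # Authorization: only an administrator may approve. This is checked on the
    # server-side record of the caller, never on anything the request carries.
    if actor.role != "admin":
        raise PermissionError("only administrators may approve instructor requests")
    target = store.get(target_username)
    # State check: there must actually be a pending request to approve.
    if target is None or not target.instructor_requested:
        raise ValueError("no pending instructor request for that user")
    target.instructor_requested = False
    target.role = "instructor"
    return target.role


def raises(exc_type, fn, *args):
    """True if fn(*args) raises exc_type; used to show the rejections."""
    try:
        fn(*args)
    except exc_type:
        return True
    return False


if __name__ == "__main__":
    store = UserStore()
    print("vulnerable registration role:",
          register_vulnerable(store, {"username": "mallory", "role": "admin"}).role)
    print("hardened rejects role field :",
          raises(ValueError, register_hardened, store, {"username": "eve", "role": "admin"}))
    alice = store.add(User(username="alice"))
    print("vulnerable self-accept      :", accept_instructor_vulnerable(store, alice, "alice"))
    print("hardened self-accept denied :",
          raises(PermissionError, accept_instructor_hardened, store, alice, "alice"))
```

Rejecting unknown fields outright, rather than silently dropping them, is deliberate: a request that carries "role" is either a client bug or an attack, and either way it is worth surfacing in logs.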