Monthly Archive: July 2021

The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in the access control...

Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic. Date published : 2021-07-07...

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints. Date published : 2021-07-07 http://seclists.org/fulldisclosure/2021/May/72 https://korelogic.com/advisories.html

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist. Date published : 2021-07-07 http://seclists.org/fulldisclosure/2021/May/73 https://korelogic.com/advisories.html

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts. Date published : 2021-07-07 https://korelogic.com/advisories.html https://seclists.org/fulldisclosure/2021/May/75

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access. Date published : 2021-07-07 https://korelogic.com/advisories.html https://seclists.org/fulldisclosure/2021/May/74

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file...

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account. Date published : 2021-07-07 http://seclists.org/fulldisclosure/2021/May/78 https://korelogic.com/advisories.html

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal. Date published : 2021-07-07 http://seclists.org/fulldisclosure/2021/May/76 https://korelogic.com/advisories.html

hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper’s HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too...

ARTWARE CMS parameter of image upload function does not filter the type of upload files which allows remote attackers can upload arbitrary files without logging in, and further execute code unrestrictedly. Date published :...

Realtek HAD contains a driver crashed vulnerability which allows local side attackers to send a special string to the kernel driver in a user’s mode. Due to unexpected commands, the kernel driver will cause...

The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. The referred vulnerability has been solved with the updated version of QSAN SANOS...

QSAN SANOS factory reset function does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions. The referred vulnerability has been solved with the updated version...