CVE-2020-18116
A lack of filtering for searched keywords in the search bar of YouDianCMS 8.0 allows attackers to perform SQL injection. Date published : 2021-08-27 https://blog.csdn.net/qq_36093477/article/details/98035255
An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format. Date published : 2021-08-27 https://blog.csdn.net/qq_36093477/article/details/86681178
The GET parameter "id" in WMS v1.0 is passed without filtering, which allows attackers to perform SQL injection. Date published : 2021-08-27 https://github.com/FeMiner/wms/issues/7
EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerability than CVE-2021-32198. Date published : 2021-08-26 http://www.emtec.com/downloads/zoc/zoc_changes.txt
OpenZeppelin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at...
Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive...
Discourse is an open source platform for community discussion. In affected versions category names can be used for cross-site scripting (XSS) attacks. This is mitigated by Discourse’s default Content Security Policy and this vulnerability only...
DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter. Date published : 2021-08-26 https://vitthals.github.io/writeups/CVEs/Hoteldruid%203.0.2%20XSS https://www.hoteldruid.com
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.13.0. Aruba has released upgrades for the Aruba AirWave Management Platform that address this security vulnerability. Date published...
yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames. Date published : 2021-08-26 https://huntr.dev/bounties/dd2e2dbe-efe5-49ec-be11-7a7e7c41debd https://github.com/yourls/yourls/commit/0a70acdcfb5fcbc63dbc5750018d608288eba3fe
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-36928. Date published : 2021-08-26 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36931
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Date published : 2021-08-26 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36929
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-36931. Date published : 2021-08-26 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36928