CVE-2021-33907
The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client. This could lead...
furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to disconnect arbitrary clients. Date published : 2021-09-27 http://packetstormsecurity.com/files/164274/OpenVPN-Monitor-1.1.3-Authorization-Bypass-Denial-Of-Service.html https://github.com/furlongm/openvpn-monitor/releases
furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM. Date published : 2021-09-27 http://packetstormsecurity.com/files/164278/OpenVPN-Monitor-1.1.3-Command-Injection.html https://github.com/furlongm/openvpn-monitor/releases
furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an arbitrary client. Date published : 2021-09-27 http://packetstormsecurity.com/files/164281/OpenVPN-Monitor-1.1.3-Cross-Site-Request-Forgery.html https://github.com/furlongm/openvpn-monitor/releases
Adobe Creative Cloud Desktop Application version 5.4 (and earlier) is affected by a file handling vulnerability that could allow an attacker to arbitrarily overwrite a file. Exploitation of this issue requires local access, administrator...
A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to partial impact to confidentiality, availability, and...
The MX Time Zone Clocks WordPress plugin before 3.4.1 does not escape the time_zone attribute of the mxmtzc_time_zone_clocks shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
The CoolClock WordPress plugin before 4.3.5 does not escape some shortcode attributes, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Date published : 2021-09-27 https://wpscan.com/vulnerability/a092548f-1ad5-44d3-9901-cdf4ebcee40a
The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a ‘Social & Donations’ module (not activated by default), which adds the rest route ‘/services/contributor/(?P<id>[\d]+)’, takes an ‘id’ and ‘category’ parameters as arguments. Both parameters...
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is...
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the...
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin’s block. Date published :...
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or...
The WP Map Block WordPress plugin before 1.2.3 does not escape some attributes of the WP Map Block, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting...