An issue was discovered in the character definitions of the Unicode Specification through 14.0. The specification allows an adversary to produce source code identifiers such as function names using homoglyphs that render visually identical...
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders...
Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before...
Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users’ DNS query history. Date published : 2021-10-31 http://d-link.com http://dir-868lw.com
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the...
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition by processing...
A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115. Date published : 2021-10-30 https://www.sophos.com/en-us/security-advisories/sophos-sa-20211029-ssw-pw-bypass
An unauthorized access vulnerabiitly exists in all versions of Portainer, which could let a malicious user obtain sensitive information. Date published : 2021-10-29 https://www.cnvd.org.cn/flaw/show/3832981
An Incorrect Access Control issue exists in all versions of Portainer.via an unauthorized access vulnerability. The vulnerability is also CNVD-2021-49547 Date published : 2021-10-29 https://www.cnvd.org.cn/flaw/show/CNVD-2021-49547
SQL Injection vulnerability exists in all versions of Yonyou TurboCRM.via the orgcode parameter in changepswd.php. Attackers can use the vulnerabilities to obtain sensitive database information. Date published : 2021-10-29 https://github.com/purple-WL/Yonyou-TurboCRM-SQL-injection/issues/1 https://www.cnvd.org.cn/flaw/show/CNVD-2020-21956
An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy Point of Sale System 1.0 in the login function in actions.php. Date published : 2021-10-29 https://github.com/janikwehrli1/0dayHunt/blob/main/pharmacypossqli.txt https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41676
A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E-Negosyo System 1.0 in /admin/produts/controller.php via the doInsert function, which validates images with getImageSizei. . Date published : 2021-10-29 https://github.com/janikwehrli1/0dayHunt/blob/main/E-Negosyo-Authenticated-RCE.py
An SQL Injection vulnerability exists in Sourcecodester E-Negosyo System 1.0 via the user_email parameter in /admin/login.php. Date published : 2021-10-29 https://github.com/janikwehrli1/0dayHunt/blob/main/E-Negosyo-System-SQLi.txt https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41674
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters.. Date published : 2021-10-29 https://www.exploit-db.com/exploits/50319