Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or...
Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control...
Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files. Date published : 2021-11-30 https://www.twcert.org.tw/tw/cp-132-5353-4ebee-1.html
An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers (with permission to provide confidential messages via Cryptshare) to redirect targeted victims to any URL via the ‘
nextcloud news-android is an Android client for the Nextcloud news/feed reader app. In affected versions the Nextcloud News for Android app has a security issue by which a malicious application installed on the same...
An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows. Date published : 2021-11-30 https://docs.jamf.com/10.32.0/jamf-pro/release-notes/Resolved_Issues.html https://blog.assetnote.io/2021/11/30/jamf-ssrf/
bookstack is vulnerable to Improper Access Control Date published : 2021-11-30 https://huntr.dev/bounties/c6dfa80d-43e6-4b49-95af-cc031bb66b1d https://github.com/bookstackapp/bookstack/commit/b4fa82e3298a15443ca40bff205b7a16a1031d92
An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user’s password to be changed without a prompt for the current password. Date published : 2021-11-30 https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes https://hackerone.com/reports/1065577
Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user. Date...
Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information. Date published : 2021-11-30 https://www.dell.com/support/kbdoc/en-in/000193697/dsa-2021-205-dell-emc-streaming-data-platform-security-update-for-third-party-vulnerabilities
Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information...
Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP...
Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the...
Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware...