CVE-2021-20149
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset governing access to services on the device applies only to IPv4. All services running...
Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set an arbitrary file on the router’s...
Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set the "message of the day" banner...
Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd services. Both...
An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password. Date published...
Changing MOTP (Mobile One Time Password) system’s specific function parameter has insufficient validation for user input. An attacker on the local area network can perform a SQL injection attack to read, modify or delete backend database...
Cardinal Tien Hospital Health Report System’s login page has improper authentication. A remote attacker can acquire another general user’s privilege by modifying the cookie parameter without authentication. The attacker can then perform limited operations...
Microsoft SharePoint Elevation of Privilege Vulnerability. Date published : 2021-12-29 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43876
vim is vulnerable to Use After Free. Date published: 2021-12-29 https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e https://github.com/vim/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’). Date published: 2021-12-29 https://huntr.dev/bounties/8b531ae9-2d36-43ff-af33-4d81acfb2f27 https://github.com/livehelperchat/livehelperchat/commit/1f67cf9f251289a5094774307c2c3d638f9f0ba6
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’). Date published: 2021-12-29 https://huntr.dev/bounties/8a7d16e0-9a46-4710-a029-c89c33c01528 https://github.com/livehelperchat/livehelperchat/commit/162892013eb07b21461ceffe6702140acc0fef57
An improper authentication vulnerability has been reported to affect Android App Qfile. If exploited, this vulnerability allows attackers to compromise the app and access information. We have already fixed this vulnerability in the following versions...
A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following...
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Kazoo Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the...