Monthly Archive: December 2021

NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site Scripting (XSS) vulnerability. An attacker can steal the user’s session by injecting malicious JavaScript codes which leads to session hijacking. Date published...

Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScript codes. Date published : 2021-12-28 https://drive.google.com/file/d/1IgGyzU_ekMZf8yWq46DwtIaVsBf3gt2U/view?usp=sharing https://drive.google.com/file/d/1yVuCfovUpqwp6KKZW1togf5PigxXQ3dh/view?usp=sharing

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can...

FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code. Date published : 2021-12-28 https://us-cert.cisa.gov/ics/advisories/icsa-21-320-01

FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. Date published : 2021-12-28 https://us-cert.cisa.gov/ics/advisories/icsa-21-320-01

A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy before 0.5.2, which is an unnecessary risk that may result in the exposure of sensitive information. Date published : 2021-12-28 https://github.com/foxcpp/maddy/blob/df40dce1284cd0fd0a9e8e7894029553d653d0a5/internal/auth/shadow/verify.go https://github.com/foxcpp/maddy/releases/tag/v0.5.2

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Date published : 2021-12-28 https://huntr.dev/bounties/8df06513-c57d-4a55-9798-0a1f6c153535 https://github.com/livehelperchat/livehelperchat/commit/c3881fb528af349bf47f9ccbf83c994087faa3e6

livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information Date published : 2021-12-28 https://huntr.dev/bounties/ac641425-1c64-4874-95e7-c7805c72074e https://github.com/livehelperchat/livehelperchat/commit/b280beae2e0de37b9e998c31c5d1839852724fc1

https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 is affected by: Incorrect Access Control. The impact is: gain privileges (remote). Date published : 2021-12-28 https://medium.com/@VAPT01/cve-2021-40579-9eac3409fd24 https://www.sourcecodester.com/

An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded. Date published...

An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded. Date published : 2021-12-28 https://jvn.jp/en/vu/JVNVU92279973/...

A vulnerability in the ‘libsal.so’ of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call. Date published : 2021-12-28 https://bit.ly/3ewa0h0

A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of...

A remote attacker with write access to PI Vision could inject code into a display. Unauthorized information disclosure, modification, or deletion is possible if a victim views or interacts with the infected display using...