CVE-2021-44082
textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first...
A buffer overflow vulnerability exists in the AMF of open5gs 2.1.4. When the length of MSIN in Supi exceeds 24 characters, it leads to AMF denial of service. Date published : 2022-03-29 https://github.com/open5gs/open5gs/issues/1206
CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters. Date published : 2022-03-29 http://packetstormsecurity.com/files/166535/CSZ-CMS-1.2.9-SQL-Injection.html https://github.com/cskaza/cszcms/issues/31
A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let...
An Access Control vulnerability exists in PuneethReddyHC online-shopping-system as of 11/01/2021 in add_products. Date published : 2022-03-29 https://github.com/PuneethReddyHC/online-shopping-system/issues/17
An SQL Injection vulnerability exists in PuneethReddyHC online-shopping-system as of 11/01/2021 via the p parameter in product.php. Date published : 2022-03-29 https://github.com/PuneethReddyHC/online-shopping-system/issues/17
Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ content parameter. Date published : 2022-03-29 https://github.com/cbkhwx/cxuucmsv3/issues/8
A Format String vulnerability exists in DrayTek Vigor 2960
In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint. If the parameters of this request are...
On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is that File.createTempFile creates files in the system temporary directory with world-readable permissions. Any sensitive...
SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service. Date published : 2022-03-29 https://github.com/waycrate/swhkd/commit/0b620a09605afb815c6d8d8953bbb7a10a8c0575 https://github.com/waycrate/swhkd/releases
SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an information leak or denial of service. Date published : 2022-03-29 https://github.com/waycrate/swhkd/commit/e661a4940df78fbb7b52c622ac4ae6a3a7f7d8aa https://github.com/waycrate/swhkd/releases
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature leading to account takeover. Date published : 2022-03-29 https://owasp.org/www-community/attacks/csrf https://www.exploit-db.com/exploits/50831
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute...