CVE-2022-0136
A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. GitLab was vulnerable to a blind SSRF attack through the Project Import feature. Date published : 2022-03-28...
Monthly Archive: March 2022
CVE-2022-0123
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL certificates for some of external CI services which makes...
CVE-2021-45491
3CX System through 2022-03-17 stores cleartext passwords in a database. Date published : 2022-03-27 http://packetstormsecurity.com/files/166386/3CX-Phone-System-Cleartext-Passwords.html https://www.3cx.com/community/forums/posts-articles-news/
CVE-2021-45490
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation. Date published : 2022-03-27 https://packetstormsecurity.com/files/166376/3CX-Client-Missing-TLS-Validation.html https://www.3cx.com/community/forums/posts-articles-news/
CVE-2021-44617
A SQL Injection vulnerability exits in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated. Date published : 2022-03-27 http://packetstormsecurity.com/files/166285/Baixar-GLPI-Project-9.4.6-SQL-Injection.html
CVE-2021-44213
OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message. Date published : 2022-03-27 https://open-xchange.com https://packetstormsecurity.com/files/166389/OX-App-Suite-7.10.5-Cross-Site-Scripting.html
CVE-2021-44212
OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPTt substring. Date published : 2022-03-27 http://packetstormsecurity.com/files/166389/OX-App-Suite-7.10.5-Cross-Site-Scripting.html https://open-xchange.com
CVE-2021-44211
OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature. Date published : 2022-03-27 http://packetstormsecurity.com/files/166389/OX-App-Suite-7.10.5-Cross-Site-Scripting.html https://open-xchange.com
CVE-2021-44210
OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data. Date published : 2022-03-27 http://packetstormsecurity.com/files/166389/OX-App-Suite-7.10.5-Cross-Site-Scripting.html https://open-xchange.com
CVE-2021-44209
OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO. Date published : 2022-03-27 http://packetstormsecurity.com/files/166389/OX-App-Suite-7.10.5-Cross-Site-Scripting.html https://open-xchange.com
CVE-2021-44208
OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat. Date published : 2022-03-27 http://packetstormsecurity.com/files/166389/OX-App-Suite-7.10.5-Cross-Site-Scripting.html https://open-xchange.com
CVE-2021-44127
In DLink DAP-1360 F1 firmware version
CVE-2021-26601
ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal. Date published : 2022-03-27 http://karmainsecurity.com/KIS-2022-02 http://packetstormsecurity.com/files/166402/ImpressCMS-1.4.2-Path-Traversal.html
CVE-2021-26600
ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==). Date published : 2022-03-27 http://karmainsecurity.com/KIS-2022-01 http://packetstormsecurity.com/files/166393/ImpressCMS-1.4.2-Authentication-Bypass.html