CVE-2021-26599
ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection. Date published : 2022-03-27 http://karmainsecurity.com/KIS-2022-04 http://packetstormsecurity.com/files/166404/ImpressCMS-1.4.2-SQL-Injection.html
ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token). Date published : 2022-03-27 http://karmainsecurity.com/KIS-2022-03 http://seclists.org/fulldisclosure/2022/Mar/45
In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition. Date published : 2022-03-27 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.11 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=817b8b9c5396d2b2d92311b46719aad5d3339dbe
** DISPUTED ** Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF signal containing a fixed sequence of approximately one hundred symbols. NOTE: the vendor’s perspective...
EyouCMS v1.5.4 was discovered to lack parameter filtering in usercontrollershop.php, leading to payment logic vulnerabilities. Date published : 2022-03-27 https://github.com/wwwxxxw/issue
74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at indexcontrollerDownload.php. Date published : 2022-03-27 https://github.com/N1ce759/74cmsSE-Arbitrary-File-Reading/issues/1
Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php. Date published : 2022-03-27 https://github.com/hiliqi/xiaohuanxiong/issues/33
A buffer overflow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows attackers to cause a Denial of Service (DoS) via a crafted RSTP request. Date...
D-Link DIR-820L 1.05B03 was discovered to contain a remote command execution (RCE) vulnerability via the Device Name parameter in /lan.asp. Date published : 2022-03-27 http://dir-820l.com http://dlink.com
Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column. Date published : 2022-03-27 https://github.com/Fndroid/clash_for_windows_pkg/issues/2710
WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names. Date published : 2022-03-27
aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user's private SSH key (id_rsa). Date published : 2022-03-27 https://www.exploit-db.com/exploits/50780
Falcon-plus v0.3 was discovered to contain a SQL injection vulnerability via the parameter grpName in /config/service/host.go. Date published : 2022-03-27 https://github.com/open-falcon/falcon-plus/issues/951
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. Date published : 2022-03-27 https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security https://github.com/python-pillow/Pillow/pull/3450