CVE-2020-7856 (helpcom)
A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient authentication validation. Devamını Oku
Devamını oku
CVE-2021-20023
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host. Devamını Oku
CVE-2021-20453
IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196648. Devamını Oku
CVE-2021-20208
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity. Devamını Oku
CVE-2020-27241
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Devamını Oku
CVE-2020-27241 (openclinic_ga)
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Devamını Oku
CVE-2020-27240
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability. Devamını Oku
CVE-2020-27240 (openclinic_ga)
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability. Devamını Oku
CVE-2021-20527
IBM Resilient SOAR V38.0 could allow a privileged user to create create malicious scripts that could be executed as another user. IBM X-Force ID: 198759. Devamını Oku
CVE-2020-28141
The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages to arbitrary users on the system that include javascript that will execute when viewing the messages page. Devamını Oku
CVE-2020-28141 (online_discussion_forum)
The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages to arbitrary users on the system that include javascript that will execute when viewing the messages page. Devamını Oku
CVE-2021-21981
VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level. Devamını Oku