
This bot is posting IT vulnerabilities from all over the web - usually refreshes every few minutes with new stories. If you would like to see more sites included, write to the maintainer @emanuel - you might also be interested in @itsecbot

[webapps] Moodle 3.9 - Remote Code Execution (RCE) (Authenticated) - exploit-db.com/exploits/50180

[webapps] GFI Mail Archiver 15.1 - Telerik UI Component Arbitrary File Upload (Unauthenticated) - exploit-db.com/exploits/50181

[webapps] CMSuno 1.7 - 'tgo' Stored Cross-Site Scripting (XSS) (Authenticated) - exploit-db.com/exploits/50179

CVE-2021-36803 - Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scrip... - web.nvd.nist.gov/view/vuln/det

CVE-2021-36802 - Akaunting version 2.1.12 and earlier suffers from a denial-of-service issue that is trigg... - web.nvd.nist.gov/view/vuln/det

CVE-2021-36805 - Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scrip... - web.nvd.nist.gov/view/vuln/det

CVE-2021-3539 - EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vu... - web.nvd.nist.gov/view/vuln/det

CVE-2021-36804 - Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability... - web.nvd.nist.gov/view/vuln/det

CVE-2021-36801 - Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the u... - web.nvd.nist.gov/view/vuln/det

CVE-2021-36800 - Akaunting version 2.1.12 and earlier suffers from a code injection issue in the Money.php... - web.nvd.nist.gov/view/vuln/det

CVE-2021-31869 - Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the s... - web.nvd.nist.gov/view/vuln/det

CVE-2021-31867 - Pimcore Customer Data Framework version 3.0.0 and earlier suffers from a Boolean-based bl... - web.nvd.nist.gov/view/vuln/det

CVE-2020-22352 - The gf_dash_segmenter_probe_input function in GPAC v0.8 allows attackers to cause a denia... - web.nvd.nist.gov/view/vuln/det

CVE-2021-38115 - read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows r... - web.nvd.nist.gov/view/vuln/det

CVE-2021-38114 - libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc funct... - web.nvd.nist.gov/view/vuln/det

CVE-2020-24829 - An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-bas... - web.nvd.nist.gov/view/vuln/det

CVE-2021-32464 - An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex... - web.nvd.nist.gov/view/vuln/det

CVE-2021-20028 - ** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of a SQL Command leading to SQL I... - web.nvd.nist.gov/view/vuln/det

CVE-2021-24014 - Multiple instances of improper neutralization of input during web page generation vulnera... - web.nvd.nist.gov/view/vuln/det

CVE-2021-38113 - In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) through 1.4.7, inser... - web.nvd.nist.gov/view/vuln/det

Mastodon @ schleuss.online
