CurvyCorners module versions 6.x-1.x and 7.x-1.x suffer from a cross site scripting vulnerability.
d7fcabd2dc84c5a5de2f1ab425fd8512a1b54d1044e9469a9dfdc728a0128de3
The 3CX Phone System stores passwords in the clear and makes them exportable in the administration interface.
2c1705c4372ab218a33192a0a6965c618979430b30d44e4c74099369db74b516
The 3CX Client for Windows (legacy), Android, and iOS fails to properly validate TLS certificates.
074017ebf0abca4d37a8b67b240f167c0bec4bbfda44f67fe65cc2c9c71455a1
Ionic Identity Vault versions 5.0.4 and below suffer from a PIN unlock lockout bypass vulnerability on both Android and iOS.
6d043256140f16431c0ba31a27b2ed7b96bda2ffd3eebc36d63d48a045405df3
OpenVPN Monitor versions 1.1.3 and below suffer from a cross site request forgery vulnerability that allows an attacker to disconnect arbitrary VPN clients.
1f3480045376cc0f2cd806ce155a2c7af1486e8d2504fc839a567a574a2ca25d
OpenVPN Monitor versions 1.1.3 and below suffer from an injection vulnerability that allows an attacker to inject arbitrary commands into the OpenVPN server management interface socket.
4aac8e5a6173c4bf869dd5a55f56e9c252331247d5ba381aa933566cb18beba6
OpenVPN Monitor versions 1.1.3 and below suffer from an authorization bypass vulnerability that allows an attacker to disconnect arbitrary clients, even if the disconnect feature is disabled.
44443d6d17ea4c88ab04491310bc5cbff119d5c6333513c5f92e9d957fcdc127
Ionic Identity Vault versions 4.7 and below suffer from a biometric authentication bypass vulnerability on Android.
0937a4fec4ba4da6536fb54a86bc96cbee6f829e34003327e23d35d71714b309
Unauthenticated users can send forged messages to FusionAuth to bypass authentication, impersonate other users or gain arbitrary roles. The SAML message can be sent to the application without a signature even if a signature is required. The impact depends on individual applications that implement fusionauth-samlv2. Version 0.2.3 is vulnerable.
c0bc810aed6db58661b8cd13a1ebf5d20fed6fdb9c77567debaa3ab0cf809833
Checkmk version 1.6.0p16 suffers from a local privilege escalation vulnerability.
41cd3d163f2b1dd4d07d8fd2298825fb4ce75d3e7d473bbc6a6eb549e3eec3aa
Froala WYSIWYG HTML Editor versions 3.0.6 through 3.1.1 suffer from a cross site scripting vulnerability.
bdfe7870a6bfb2049e8c75da603ea32348be1f41280ca90de30fc97cec47171d
Compass Security identified a security feature bypass vulnerability in Microsoft Windows. Due to the absence of integrity verification requirements for the RPC protocol and in particular the Task Scheduler, a man-in-the-middle attacker can relay his victim's NTLM authentication to a target of his choice over the RPC protocol. Provided the victim has administrative privileges on the target, the attacker can execute code on the remote target.
16fcf81541831c6f1a2109c00a1d366d79871db6b8aecafaba474512db27d1b8
Apache Olingo OData versions 4.x.x through 4.6.x suffer from an XML external entity injection vulnerability.
d75945c0ef25d01e09b20bc238efc4643956f6efcb9ef7c60c5a3616439af4af
VMware VeloCloud versions 3.3.0 and 3.2.2 suffer from an authorization bypass vulnerability.
b178e025418fdce965c1ba9495e327d80d7c6b0fdcc3bc3ee020af4593bbb6b4
Siemens SICAM A8000 Series suffers from an XML injection denial of service vulnerability.
354a63d78ac4b5ab320b994b6c1ce672f98e673e216b330282677992fd04dbd8
ownCloud version 0.1.2 suffers from a user impersonation authorization bypass vulnerability.
29b952619c8992a8a4ce5753eaedfa7b6eaafa33618c92674d49b3731375dc42
ownCloud version 3.7.3 for iOS suffers from a cross site scripting vulnerability.
60a743c516f85803a1928a7f4848da9eaf304718636f0a2239685f689d400f9c
Async-IO.org Atmosphere suffers from a cross site scripting vulnerability. Versions affected include 2.4.0 through 2.4.28, 2.3.0 through 2.3.9, 2.2.0 through 2.2.12, 2.1.0 through 2.1.13, 2.0.0 through 2.0.11, and 1.0.0 through 1.0.20.
97b50b2cbb4d40836060310c411ca71e45fef38b211da594ec9d86006ec1a2e4
Eclipse Vert.x versions 3.0.0 through 3.5.1 suffer from an HTTP header injection vulnerability.
ead21d1d6f83b7ca507718762f39d1619b3781521f8a6f6887698bae11fd431d
Totemomail Encryption Gateway version 6.0.0_Build_371 suffers from a cross site request forgery vulnerability.
e8a2843d81adf1981b8ebee55ab7f42985b01fabd91b40f0f0ca5b28861631a8
Totemomail Encryption Gateway version 6.0.0_Build_371 suffers from a JSONP hijacking vulnerability.
8756d7ad799faafde0a4ae9c09997e1ffb18efb7f8b6ff2a9e362f6eeb8f8e7c
Compass Security discovered a design weakness in Microsoft Intune's iOS Keychain management. This allows users to access company data even after the device has been unenrolled.
ddd63a88b904946a23a9cb733e253b9a99ce019c4a471fdab65dc2abd2085145
Compass Security discovered a design weakness in Microsoft Intune's app protection. This weakness allows a malicious user that gets hold of an employee's iOS device to access company data even without knowing the app PIN.
9eb901ef1974be004d63aa35bd969efac3bd77a0a761e1cbabb90340bf37e26c
MyTy versions 5.0.4 through 5.1.7 suffer from a cross site scripting vulnerability.
94be6a7120b16a491be04b757f12c7c4aac4d8505f42db6b90390220e3b2f4db
MyTy versions 5.0.4 through 5.1.6 suffer from a remote blind SQL injection vulnerability.
df077096933740cbc5dda72b5207f5cb81f1182b1fba66ba91e1268b7238d580
iText PDF Library versions 2.0.8, 5.5.11, and 7.0.2 suffer from an XML external entity injection vulnerability. The attack can be carried out by submitting a malicious PDF to an iText application that parses XML data. By providing malicious XXE payloads inside the XML data that resides in the PDF, an attacker can, for example, extract files or forge requests on the server.
28a8b1badebadad07e326e2363388a39384fcbcb1f223722393aafea4bef3345