Virus and Security Alerts

CVE-2020-4536 (openpages_grc_platform)

2021-05-11 16:15:07
IBM OpenPages GRC Platform 8.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
National Vulnerability Database
CVE-2021-3315 (teamcity)

2021-05-11 12:15:08
In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible.
National Vulnerability Database
CVE-2021-31908 (teamcity)

2021-05-11 12:15:08
In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages.
National Vulnerability Database
CVE-2020-27245 (openclinic_ga)

2021-05-11 11:15:07
An exploitable SQL injection vulnerability exists in â€˜listImmoLabels.jspâ€™ page of OpenClinic GA 5.173.3 application.
National Vulnerability Database
CVE-2020-27246 (openclinic_ga)

2021-05-11 11:15:07
An exploitable SQL injection vulnerability exists in â€˜listImmoLabels.jspâ€™ page of OpenClinic GA 5.173.3 application.
National Vulnerability Database
CVE-2020-27242 (openclinic_ga)

2021-05-11 11:15:07
An exploitable SQL injection vulnerability exists in â€˜listImmoLabels.jspâ€™ page of OpenClinic GA 5.173.3 application.
National Vulnerability Database
CVE-2020-27243 (openclinic_ga)

2021-05-11 11:15:07
An exploitable SQL injection vulnerability exists in â€˜listImmoLabels.jspâ€™ page of OpenClinic GA 5.173.3 application.
National Vulnerability Database
CVE-2020-27244 (openclinic_ga)

2021-05-11 11:15:07
An exploitable SQL injection vulnerability exists in â€˜listImmoLabels.jspâ€™ page of OpenClinic GA 5.173.3 application.
National Vulnerability Database
CVE-2020-23373 (nonecms)

2021-05-10 23:15:07
Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.
National Vulnerability Database
CVE-2020-23370 (yzmcms)

2021-05-10 23:15:07
In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML.
National Vulnerability Database
CVE-2020-23369 (yzmcms)

2021-05-10 23:15:07
In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3.
National Vulnerability Database
CVE-2020-23376 (nonecms)

2021-05-10 23:15:07
NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack.
National Vulnerability Database
CVE-2020-23374 (nonecms)

2021-05-10 23:15:07
Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.
National Vulnerability Database
CVE-2020-23371 (nonecms)

2021-05-10 23:15:07
Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the movieName parameter.
National Vulnerability Database
CVE-2020-27230 (openclinic_ga)

2021-05-10 19:15:07
A number of exploitable SQL injection vulnerabilities exists in â€˜patientslist.doâ€™ page of OpenClinic GA 5.173.3 application.
National Vulnerability Database
CVE-2020-27226 (openclinic_ga)

2021-05-10 19:15:07
An exploitable SQL injection vulnerability exists in â€˜quickFile.jspâ€™ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection.
National Vulnerability Database
CVE-2020-27231 (openclinic_ga)

2021-05-10 19:15:07
A number of exploitable SQL injection vulnerabilities exists in â€˜patientslist.doâ€™ page of OpenClinic GA 5.173.3 application.
National Vulnerability Database
CVE-2020-27229 (openclinic_ga)

2021-05-10 19:15:07
A number of exploitable SQL injection vulnerabilities exists in â€˜patientslist.doâ€™ page of OpenClinic GA 5.173.3 application.
National Vulnerability Database
CVE-2021-31758 (ac11_firmware)

2021-05-07 23:15:07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.
National Vulnerability Database
CVE-2021-31757 (ac11_firmware)

2021-05-07 23:15:07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
National Vulnerability Database
CVE-2021-31755 (ac11_firmware)

2021-05-07 23:15:07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
National Vulnerability Database
CVE-2021-31756 (ac11_firmware)

2021-05-07 23:15:07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request.
National Vulnerability Database
CVE-2021-31460 (reader, phantompdf)

2021-05-07 21:15:08
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576.
National Vulnerability Database
CVE-2021-31459 (reader, phantompdf)

2021-05-07 21:15:08
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576.
National Vulnerability Database
CVE-2021-31458 (reader, phantompdf)

2021-05-07 21:15:08
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576.
National Vulnerability Database
CVE-2021-31453 (foxit_reader, phantompdf)

2021-05-07 21:15:07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576.
National Vulnerability Database
CVE-2021-31445 (foxit_reader, phantompdf)

2021-05-07 21:15:07
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576.
National Vulnerability Database
CVE-2021-31454 (foxit_reader, phantompdf)

2021-05-07 21:15:07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576.
National Vulnerability Database
CVE-2021-31444 (foxit_reader, phantompdf)

2021-05-07 21:15:07
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576.
National Vulnerability Database
CVE-2021-31449 (foxit_reader, phantompdf)

2021-05-07 21:15:07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576.
National Vulnerability Database
CVE-2021-31448 (foxit_reader, phantompdf)

2021-05-07 21:15:07
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576.
National Vulnerability Database
CVE-2021-31455 (foxit_reader, phantompdf)

2021-05-07 21:15:07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576.
National Vulnerability Database
CVE-2021-31441 (foxit_reader, phantompdf)

2021-05-07 21:15:07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576.
National Vulnerability Database
CVE-2021-31450 (foxit_reader, phantompdf)

2021-05-07 21:15:07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576.
National Vulnerability Database
CVE-2021-31446 (foxit_reader, phantompdf)

2021-05-07 21:15:07
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576.
National Vulnerability Database
CVE-2021-31452 (foxit_reader, phantompdf)

2021-05-07 21:15:07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576.
National Vulnerability Database
CVE-2021-31447 (foxit_reader, phantompdf)

2021-05-07 21:15:07
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576.
National Vulnerability Database
CVE-2021-31457 (phantompdf, reader)

2021-05-07 21:15:07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576.
National Vulnerability Database
CVE-2021-31442 (foxit_reader, phantompdf)

2021-05-07 21:15:07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576.
National Vulnerability Database
CVE-2021-31443 (foxit_reader, phantompdf)

2021-05-07 21:15:07
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576.
National Vulnerability Database
CVE-2021-31451 (foxit_reader, phantompdf)

2021-05-07 21:15:07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576.
National Vulnerability Database
CVE-2021-31456 (phantompdf, reader)

2021-05-07 21:15:07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576.
National Vulnerability Database
CVE-2021-32470 (craft_cms)

2021-05-07 19:31:07
Craft CMS before 3.6.13 has an XSS vulnerability.
National Vulnerability Database
CVE-2021-27573 (emote_remote_mouse)

2021-05-07 19:31:07
An issue was discovered in Emote Remote Mouse through 4.0.0.0. Remote unauthenticated users can execute arbitrary code via crafted UDP packets with no prior authorization or authentication.
National Vulnerability Database
CVE-2021-27570 (emote_remote_mouse)

2021-05-07 19:31:07
An issue was discovered in Emote Remote Mouse through 3.015. Attackers can close any running process by sending the process name in a specially crafted packet.
National Vulnerability Database
CVE-2021-27574 (emote_remote_mouse)

2021-05-07 19:31:07
An issue was discovered in Emote Remote Mouse through 4.0.0.0. It uses cleartext HTTP to check, and request, updates. Thus, attackers can machine-in-the-middle a victim to download a malicious binary in place of the real update,
National Vulnerability Database
CVE-2021-27569 (emote_remote_mouse)

2021-05-07 19:31:07
An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can maximize or minimize the window of a running process by sending the process name in a crafted packet.
National Vulnerability Database
CVE-2021-27571 (emote_remote_mouse)

2021-05-07 19:31:07
An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can retrieve recently used and running applications, their icons, and their file paths.
National Vulnerability Database
CVE-2020-4901 (robotic_process_automation_with_automation_anywhere)

2021-05-07 16:15:07
IBM Robotic Process Automation with Automation Anywhere 11.0 could allow an attacker on the network to obtain sensitive information or cause a denial of service through username enumeration. IBM X-Force ID: 190992.
National Vulnerability Database
CVE-2021-26122 (xist4c)

2021-05-07 12:15:07
LivingLogic XIST4C before 0.107.8 allows XSS via feedback.htm or feedback.wihtm.
National Vulnerability Database
CVE-2021-26123 (xist4c)

2021-05-07 12:15:07
LivingLogic XIST4C before 0.107.8 allows XSS via login.htm, login.wihtm, or login-form.htm.
National Vulnerability Database
CVE-2020-36126 (paxstore)

2021-05-07 11:15:08
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control that can lead to remote privilege escalation.
National Vulnerability Database
CVE-2020-36128 (paxstore)

2021-05-07 11:15:08
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token (called X-Terminal-Token) to access the marketplace.
National Vulnerability Database
CVE-2020-36127 (paxstore)

2021-05-07 11:15:08
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by an information disclosure vulnerability. Through the PUK signature functionality, an administrator will not have access to the current p12 certificate and password.
National Vulnerability Database
CVE-2020-36125 (paxstore)

2021-05-07 11:15:08
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attacker through requesting the endpoint direct
National Vulnerability Database
CVE-2020-36124 (paxstore)

2021-05-07 11:15:08
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by XML External Entity (XXE) injection.
National Vulnerability Database