|
This service shows statistics related to Tweets related to Cyber-Security, allowing to search them by keywords such as... |
This service offers the possibility of searching public domain information related to known security hardware and... |
This service collects data related to public available exploits. The database is updated daily through the official... |
The main goal of the tool is to provide a simple and quick tool for cyber risk self-assessment. The tool requires two... |
| Published | Description | |
|---|---|---|
| CVE-2021-21338 |
23-03-2021 02:15:00 |
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1. |
| CVE-2021-21370 |
23-03-2021 02:15:00 |
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1. |
| CVE-2021-21339 |
23-03-2021 02:15:00 |
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1. |
| CVE-2021-21357 |
23-03-2021 02:15:00 |
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1. |
| CVE-2021-21340 |
23-03-2021 02:15:00 |
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1 . |
| Date | Title | Platform | Author |
|---|---|---|---|
|
22-03-2021 |
ProFTPD 1.3.7a - Remote Denial of Service | multiple | xynmaps |
|
22-03-2021 |
Winpakpro 4.8 - 'GuardTourService' Unquoted Service Path | windows | Alan Mondragon |
|
22-03-2021 |
Winpakpro 4.8 - 'WPCommandFileService' Unquoted Service Path | windows | Alan Mondragon |
|
22-03-2021 |
WordPress Plugin Delightful Downloads Jquery File Tree 1.6.6 - Path Traversal | php | Nicholas Ferreira |
|
22-03-2021 |
MacPaw Encrypto 1.0.1 - 'Encrypto Service' Unquoted Service Path | windows | Ismael Nava |
Italiano
English