Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
CWE
:
Topic
Date
Author
Med.
Trend Micro ServerProtect Disclosure / CSRF / XSS
26.05.2017
Multiple
Med.
Cisco Firepower Threat Management Console Local File Inclusion
06.10.2016
Matt Bergin
High
PLANET IP LFI / CSRF / XSS / Authentication Bypass
17.05.2016
Orwelllabs
High
Arris DG1670A Cable Modem Remote Command Execution
14.02.2016
Matt Bergin
Med.
SAP Business Objects Unauthorized File Repository Server Read
26.02.2015
Onapsis
Med.
SAP Business Objects Unauthorized File Repository Server Write
26.02.2015
Onapsis
CVEMAP Search Results
CVE
Details
Description
2021-05-07
Medium
CVE-2021-32101
Vendor:
Open-emr
Software:
Openemr
The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing the permission check of this portal's API. Then, the attacker can then manipulate and read data of every registered patient.
2021-04-30
Low
CVE-2021-20326
Vendor:
Mongodb
Software:
Mongodb
A user authorized to performing a specific type of find query may trigger a denial of service. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.4.
2021-04-26
CVE-2021-22669
Updating...
2021-04-23
Low
CVE-2021-31540
Vendor:
Wowza
Software:
Streaming engine
Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the application server configuration.
2021-04-22
Low
CVE-2021-28168
Vendor:
Eclipse
Software:
Jersey
Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users.
2021-04-15
Low
CVE-2021-30478
Vendor:
Zulip
Software:
Zulip server
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the can_forge_sender permission (previously is_api_super_user) resulted in users with this permission being able to send messages appearing as if sent by a system bot, including to other organizations hosted by the same Zulip installation.
Low
CVE-2021-30487
Vendor:
Zulip
Software:
Zulip server
In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation.
Medium
CVE-2021-30479
Vendor:
Zulip
Software:
Zulip server
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization.
Low
CVE-2021-30477
Vendor:
Zulip
Software:
Zulip server
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of replies to messages sent by outgoing webhooks to private streams meant that an outgoing webhook bot could be used to send messages to private streams that the user was not intended to be able to send messages to.
2021-04-14
Low
CVE-2021-27250
Updating...
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the errorpage request parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11856.
Copyright
2021
, cxsecurity.com
Back to Top
