Cartoon Caption Winner: Something Seems Afoul

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2021-26709
PUBLISHED: 2021-04-07

** UNSUPPORTED WHEN ASSIGNED ** D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass parameters. NOTE: This vulnerability only affects products that are no longe…

CVE-2021-30177
PUBLISHED: 2021-04-07

There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE.

CVE-2021-20687
PUBLISHED: 2021-04-07

Cross-site request forgery (CSRF) vulnerability in Kagemai 0.8.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

CVE-2021-20688
PUBLISHED: 2021-04-07

Cross-site scripting vulnerability in Click Ranker Ver.3.5 allows remote attackers to inject an arbitrary script via unspecified vectors.

CVE-2021-20689
PUBLISHED: 2021-04-07

Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors.
