This joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia,[1] New Zealand,[2] Singapore,[3] the United Kingdom,[4] and the United States.[5][6] These authorities are aware of cyber actors exploiting vulnerabilities in Accellion File Transfer Appliance (FTA).[7] This activity has impacted organizations globally, including those in […]

74cms — 74cms  In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server. 2021-02-17 not yet calculated CVE-2020-35339 MISC MISC activepresenter — activepresenter  ActivePresenter 6.1.6 is affected by a memory corruption vulnerability that may result in a […]

1password — scim_bridge 1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS private key. 2021-02-08 4 CVE-2021-26905 MISC CONFIRM adminer — adminer Adminer through 4.7.8 allows XSS via the history parameter to the default URI. 2021-02-09 4.3 CVE-2020-35572 MISC MISC adobe — acrobat Acrobat […]

Summary On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment plant. The unidentified actors used the SCADA system’s software to increase the amount of sodium hydroxide, also known as lye, a caustic chemical, as […]

huawei — multiple_products There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have a timeout exit mechanism. A temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods. 2021-02-06 not yet calculated CVE-2021-22300 CONFIRM allen-bradley — flex_io_1794-aent/b  An […]

rocket.chat — rocket.chat Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes. 2021-01-26 not yet calculated CVE-2020-8292 MISC MISC 4images — image_gallary_management_system  4images Image Gallery Management System 1.7.11 is affected by cross-site scripting (XSS) in the Image URL. This […]

appgini — online_invoicing_system  Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a stored XSS which enables an attacker to take over the admin account through a payload that extracts […]

actionpack_gem_for_ruby_on_rails — actionpack_gem_for_ruby_on_rails In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. […]