Weekly Vulnerabilities Reports > December 28, 2020 to January 3, 2021

The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled.

DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.

A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6.

Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain administrative operations.

An issue was discovered in the multihash crate before 0.11.3 for Rust.

On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop.

Certain NETGEAR devices are affected by lack of access control at the function level.

NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service.

NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command injection.

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress.

The REST/JSON project 7.x-1.x for Drupal allows user registration bypass, aka SA-CONTRIB-2016-033.

The REST/JSON project 7.x-1.x for Drupal allows field access bypass, aka SA-CONTRIB-2016-033.

The REST/JSON project 7.x-1.x for Drupal allows comment access bypass, aka SA-CONTRIB-2016-033.

The REST/JSON project 7.x-1.x for Drupal allows node access bypass, aka SA-CONTRIB-2016-033.

An issue was discovered in the ws crate through 2020-09-25 for Rust.

An issue was discovered in the arr crate through 2020-08-25 for Rust.

An issue was discovered in the arr crate through 2020-08-25 for Rust.

An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust.

An issue was discovered in the traitobject crate through 2020-06-01 for Rust.

An issue was discovered in the bigint crate through 2020-05-07 for Rust.

An issue was discovered in the rulinalg crate through 2020-02-11 for Rust.

An issue was discovered in the ozone crate through 2020-07-04 for Rust.

An issue was discovered in the ozone crate through 2020-07-04 for Rust.

An issue was discovered in the rio crate through 2020-05-11 for Rust.

An issue was discovered in the rusqlite crate before 0.23.0 for Rust.

An issue was discovered in the rusqlite crate before 0.23.0 for Rust.

An issue was discovered in the rusqlite crate before 0.23.0 for Rust.

An issue was discovered in the rusqlite crate before 0.23.0 for Rust.

An issue was discovered in the rusqlite crate before 0.23.0 for Rust.

An issue was discovered in the rusqlite crate before 0.23.0 for Rust.

An issue was discovered in the rusqlite crate before 0.23.0 for Rust.

An issue was discovered in the hyper crate before 0.12.34 for Rust.

An issue was discovered in the bitvec crate before 0.17.4 for Rust.

An issue was discovered in the cbox crate through 2020-03-19 for Rust.

An issue was discovered in the prost crate before 0.6.1 for Rust.

An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust.

An issue was discovered in the failure crate through 2019-11-13 for Rust.

An issue was discovered in the http crate before 0.1.20 for Rust.

An issue was discovered in the flatbuffers crate before 0.6.1 for Rust.

An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust.

An issue was discovered in the nanorand crate before 0.5.1 for Rust.

An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust.

The digest generation function of NHIServiSignAdapter has not been verified for parameter’s length, which leads to a stack overflow loophole.

NHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole.

modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent).

includes/core/is_user.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie (i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk).

Exponent CMS before 2.6.0 has improper input validation in fileController.php.

Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.

Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php.

Exponent CMS before 2.6.0 has improper input validation in usersController.php.

Exponent CMS before 2.6.0 has improper input validation in storeController.php.

XWiki Platform before 12.8 mishandles escaping in the property displayer.

JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, allows remote code execution.

The Amaze File Manager application before 3.4.2 for Android does not properly restrict intents for controlling the FTP server (aka services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER and services.ftpservice.FTPReceiver.ACTION_STOP_FTPSERVER).

An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix.

Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 mishandles SAML login.

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an unauthenticated attacker.

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.

Prototype pollution vulnerability in 'libnested' versions 0.0.0 through 1.5.0 allows an attacker to cause a denial of service and may lead to remote code execution.

Prototype pollution vulnerability in 'getobject' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.

Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 through 0.0.5 allows an attacker to cause a denial of service and may lead to remote code execution.

Prototype pollution vulnerability in 'predefine' versions 0.0.0 through 0.1.2 allows an attacker to cause a denial of service and may lead to remote code execution.

Prototype pollution vulnerability in 'flattenizer' versions 0.0.5 through 1.0.5 allows an attacker to cause a denial of service and may lead to remote code execution.

Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.

Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0.1 allows attacker to cause a denial of service and may lead to remote code execution.

Prototype pollution vulnerability in 'deep-set' versions 1.0.0 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution.

miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.

An issue was discovered in G-Data before 25.5.9.25 using Symbolic links, it is possible to abuse the infected-file restore mechanism to achieve arbitrary write that leads to elevation of privileges.

An issue was discovered in Joomla! 3.0.0 through 3.9.22.

Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that can remotely execute arbitrary code.

An issue was discovered in Zammad before 3.4.1.

An issue was discovered in the futures-task crate before 0.3.6 for Rust.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

An incorrect permission assignment during the installation script of TeamworkCloud 18.0 thru 19.0 allows a local unprivileged attacker to execute arbitrary code as root.

FOSCAM FHD X1 1.14.2.4 devices allow attackers (with physical UART access) to login via the ipc.fos~ password.

MyDrivers64.sys in DriverGenius 9.61.3708.3054 allows attackers to cause a system crash via the ioctl command 0x9c402000 to \\.\MyDrivers0_0_1.

flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size expansion.

An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress.

An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress.

An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS).

An issue was discovered in the crayon crate through 2020-08-31 for Rust.

An issue was discovered in the rocket crate before 0.4.5 for Rust.

An issue was discovered in the internment crate through 2020-05-28 for Rust.

An issue was discovered in the rusqlite crate before 0.23.0 for Rust.

OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/manage_site_files.php to upload a .php file.

Certain NETGEAR devices are affected by CSRF.

There is an improper authentication vulnerability in some verisons of Huawei CloudEngine product.

The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and wp_verify_nonce calls, aka CSRF.

An issue was discovered in Joomla! 2.5.0 through 3.9.22.

Dex is a federated OpenID Connect provider written in Go.

Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942.

An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress.

An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress.

An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress.

A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpc_render AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing JavaScript in the encoded_options parameter.

uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024.

qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used.

An issue was discovered in the tiny_http crate through 2020-06-16 for Rust.

HGiga MailSherlock contains a SQL injection flaw.

HGiga MailSherlock contains a vulnerability of SQL Injection.

In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation.

URI.js is a javascript URL mutation library (npm package urijs).

Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role).

Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).

Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role.

dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter.

An SSRF issue was discovered in cockpit-project.org Cockpit 234.

NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an authenticated user.

Certain NETGEAR devices are affected by lack of access control at the function level.

The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe.

The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe.

The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option.

This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application.

On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, admin, support, user, and nobody have a password of 1234.

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress.

An issue was discovered in the simple-slab crate before 0.3.3 for Rust.

An issue was discovered in the mozwire crate through 2020-08-18 for Rust.

An issue was discovered in the lucet-runtime-internals crate before 0.5.1 for Rust.

An issue was discovered in the actix-utils crate before 2.0.0 for Rust.

Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) vulnerability by inserting a payload within the X-Forwarded-For HTTP header during the login process.

An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10.

An issue with ARP packets in Arista’s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash, followed by a device reload.

WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument.

PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX.

PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX.

Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX.

Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX.

Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges (such as subscribers) to use the tpnc_render AJAX action to inject arbitrary PHP objects via the options[inline_edits] parameter.

NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365).

An issue was discovered in Zammad before 3.4.1.

Certain NETGEAR devices are affected by incorrect configuration of security settings.

NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments.

Certain NETGEAR devices are affected by command injection by an authenticated user.

Certain NETGEAR devices are affected by command injection by an authenticated user.

Certain NETGEAR devices are affected by command injection by an authenticated user.

NETGEAR WAC104 devices before 1.0.4.13 are affected by a buffer overflow by an authenticated user.

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user.

The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring (LRC), an Ethereum token, lacks access control for fee swapping and thus allows price manipulation.

The breed function in the smart contract implementation for Farm in Seal Finance (Seal), an Ethereum token, lacks access control and thus allows price manipulation, as exploited in the wild in December 2020 and January 2021.

The _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Ethereum token, has certain incorrect calculations.

In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag.

In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension.

The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page.

The AES encryption project 7.x and 8.x for Drupal does not sufficiently prevent attackers from decrypting data, aka SA-CONTRIB-2017-027.

The REST/JSON project 7.x-1.x for Drupal allows user enumeration, aka SA-CONTRIB-2016-033.

The REST/JSON project 7.x-1.x for Drupal allows session enumeration, aka SA-CONTRIB-2016-033.

The REST/JSON project 7.x-1.x for Drupal allows session name guessing, aka SA-CONTRIB-2016-033.

The REST/JSON project 7.x-1.x for Drupal allows blockage of user logins, aka SA-CONTRIB-2016-033.

A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices.

A vulnerability has been reported to affect QNAP NAS.

An issue was discovered in the obstack crate before 0.1.4 for Rust.

An issue was discovered in the simple-slab crate before 0.3.3 for Rust.

An issue was discovered in the ordnung crate through 2020-09-03 for Rust.

An issue was discovered in the ordnung crate through 2020-09-03 for Rust.

An issue was discovered in the tokio-rustls crate before 0.13.1 for Rust.

An issue was discovered in the os_str_bytes crate before 2.0.0 for Rust.

An issue was discovered in the flatbuffers crate through 2020-04-11 for Rust.

An issue was discovered in the bumpalo crate before 3.2.1 for Rust.

An issue was discovered in the streebog crate before 0.8.0 for Rust.

An issue was discovered in the streebog crate before 0.8.0 for Rust.

An issue was discovered in the chacha20 crate before 0.2.3 for Rust.

An issue was discovered in the libsecp256k1 crate before 0.3.1 for Rust.

An issue was discovered in the serde_cbor crate before 0.10.2 for Rust.

An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust.

The function, view the source code, of HGiga MailSherlock does not validate specific characters.

The encryption function of NHIServiSignAdapter fail to verify the file path input by users.

util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.

In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free (leading to memory corruption and a daemon crash) via a crafted incoming network message, a different vulnerability than CVE-2019-14431.

Ptarmigan before 0.2.3 lacks API token validation, e.g., an "if (token === apiToken) {return true;} return false;" code block.

An issue was discovered in LINBIT csync2 through 2.0.

In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.

An issue was discovered in a smart contract implementation for MORPH Token through 2019-06-05, an Ethereum token.

A typo exists in the constructor of a smart contract implementation for EAI through 2019-06-05, an Ethereum token.

An issue was discovered in a smart contract implementation for AIRDROPX BORN through 2019-05-29, an Ethereum token.

Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599.

An issue was discovered in MantisBT before 2.24.4.

EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by SQL injection in the User Login Page.

Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance.

Certain NETGEAR devices are affected by disclosure of sensitive information.

Certain NETGEAR devices are affected by lack of access control at the function level.

There is a denial of service vulnerability in some Huawei smartphones.

There is a memory leak vulnerability in some versions of Huawei CloudEngine product.

There is an out of bound read vulnerability in some verisons of Huawei CloudEngine product.

An unauthenticated remote attacker can send data to RsvcHost.exe listening on TCP port 5241 to add entries in the FactoryTalk Diagnostics event log.

An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241.

An attacker can craft and send an OpenNamespace message to port 4241 with valid session-id that triggers an unhandled exception in CFTLDManager::HandleRequest function in RnaDaSvr.dll, resulting in process termination.

HedgeDoc is a collaborative platform for writing and sharing markdown.

An issue was discovered in Joomla! 1.7.0 through 3.9.22.

An issue was discovered in Joomla! 3.9.0 through 3.9.22.

An issue was discovered in Joomla! 2.5.0 through 3.9.22.

An issue was discovered in Joomla! 2.5.0 through 3.9.22.

An issue was discovered in Joomla! 2.5.0 through 3.9.22.

HCL Domino is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API.

date-and-time is an npm package for manipulating date and time.

In Arista EOS malformed packets can be incorrectly forwarded across VLAN boundaries in one direction.

An issue was discovered in Zammad before 3.5.1.

An SSRF issue was discovered in Zammad before 3.4.1.

Panasonic Security System WV-S2231L 4.25 allows a denial of service of the admin control panel (which will require a physical reset to restore administrative control) via Randomnum=99AC8CEC6E845B28&mode=1 in a POST request to the cgi-bin/set_factory URI.

On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the default settings for the router speed test contain links to download malware named elive or CNKI E-Learning.

An issue was discovered in the ordered-float crate before 1.1.1 and 2.x before 2.0.1 for Rust.

An issue was discovered in the branca crate before 0.10.0 for Rust.

Certain NETGEAR devices are affected by command injection by an authenticated user.

Certain NETGEAR devices are affected by command injection by an authenticated user.

There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2).

The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c).

A flaw was found in GDM in versions prior to 3.38.2.1.

track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.

Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter.

The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object (including all metadata) upon login via the REST API (aam/v1/authenticate or aam/v2/authenticate).

HGiga MailSherlock does not validate user parameters on multiple login pages.

HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks.

The digest generation function of NHIServiSignAdapter has not been verified for source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential.

Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential.

EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Panel - Manage User tab using the Full Name of the user.

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support.

Vidyo 02-09-/D allows clickjacking via the portal/ URI.

There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1(C00E1R1P1).

HedgeDoc is a collaborative platform for writing and sharing markdown.

In EVPN VxLAN setups in Arista EOS, specific malformed packets can lead to incorrect MAC to IP bindings and as a result packets can be incorrectly forwarded across VLAN boundaries.

dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readAtomData.

dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readTextWithDescrFrame.

dhowden tag before 2020-11-19 allows "panic: runtime error: index out of range" via readAPICFrame.

dhowden tag before 2020-11-19 allows "panic: runtime error: index out of range" via readPICFrame.

MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information (e.g., a CPF number) via a modified titulo (aka invoice number) value to the central/recibo.php URI.

login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single "Incorrect username or password" message in both cases), which might allow enumeration.

An issue was discovered in the libpulse-binding crate before 2.5.0 for Rust.

In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP.

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.

An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package.

NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service.

NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service.

The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory.

There is an information leak vulnerability in iManager NetEco 6000 versions V600R021C00.

In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users.

An issue was discovered in Zammad before 3.5.1.

An issue was discovered in Zammad before 3.5.1.

An account-enumeration issue was discovered in Zammad before 3.4.1.

An issue was discovered in Zammad before 3.4.1.

An issue was discovered in Zammad before 3.4.1.

An issue was discovered in Zammad before 3.4.1.

iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.

Use of a Hard-coded Password in VNCserver in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows local attackers to view and interact with the video output of the device.

zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because nodeIntegration in webPreferences is true).

An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress.

Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI.

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page.

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters).

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs.

EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Profile Page.

A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current.

A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current.

FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component.

FluxBB 1.5.11 is affected by cross-site scripting (XSS in the Blog Content component.

Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field.

WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Menu component.

WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by Stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configurations, allows XSS via the /histograms endpoint.

OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image.

OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail.

nopCommerce Store 4.30 is affected by cross-site scripting (XSS) in the Schedule tasks name field.

NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module.

An issue was discovered in Zammad before 3.4.1.

NETGEAR R7800 devices before 1.0.2.74 are affected by a buffer overflow by an authenticated user.

In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_da9313.c, failure to check the parameter buf in the function proc_work_mode_write in proc_work_mode_write causes a vulnerability.

In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the function proc_fastchg_fw_update_write in proc_fastchg_fw_update_write does not check the parameter len, resulting in a vulnerability.

In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c, the function mp2650_data_log_write in mp2650_data_log_write does not check the parameter len which causes a vulnerability.

In functions charging_limit_current_write and charging_limit_time_write in /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c have not checked the parameters, which causes a vulnerability.

An issue was discovered in the thex crate through 2020-12-08 for Rust.

An issue was discovered in the magnetic crate before 2.0.1 for Rust.

An issue was discovered in the try-mutex crate before 0.3.0 for Rust.

An issue was discovered in the mio crate before 0.7.6 for Rust.

An issue was discovered in the miow crate before 0.3.6 for Rust.

An issue was discovered in the socket2 crate before 0.3.16 for Rust.

An issue was discovered in the net2 crate before 0.2.36 for Rust.

An issue was discovered in the pyo3 crate before 0.12.4 for Rust.

An issue was discovered in the image crate before 0.23.12 for Rust.

An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust.

An issue was discovered in the lock_api crate before 0.4.2 for Rust.

An issue was discovered in the futures-util crate before 0.3.2 for Rust.

An issue was discovered in the futures-task crate before 0.3.5 for Rust.

An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust.

An issue was discovered in the dync crate before 0.5.0 for Rust.

An issue was discovered in the array-queue crate through 2020-09-26 for Rust.

An issue was discovered in the actix-service crate before 1.0.6 for Rust.

Certain NETGEAR devices are affected by disclosure of sensitive information.

Certain NETGEAR devices are affected by disclosure of sensitive information.

There is a resource management error vulnerability in Jackman-AL00D versions 8.2.0.185(C00R2P1).

An attacker-controlled memory allocation size can be passed to the C++ new operator in the CServerManager::HandleBrowseLoadIconStreamRequest in messaging.dll.

NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file.

Panasonic Security System WV-S2231L 4.25 has an insecure hard-coded password of lkjhgfdsa (which is just the asdf keyboard row in reverse order).

An issue was discovered in the atom crate before 0.3.6 for Rust.

An issue was discovered in the arr crate through 2020-08-25 for Rust.

An issue was discovered in the concread crate before 0.2.6 for Rust.

An issue was discovered in the lock_api crate before 0.4.2 for Rust.

An issue was discovered in the lock_api crate before 0.4.2 for Rust.

An issue was discovered in the lock_api crate before 0.4.2 for Rust.

An issue was discovered in the lock_api crate before 0.4.2 for Rust.

An issue was discovered in the futures-util crate before 0.3.7 for Rust.