Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2021-26709
PUBLISHED: 2021-04-07

** UNSUPPORTED WHEN ASSIGNED ** D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass parameters. NOTE: This vulnerability only affects products that are no longe…

CVE-2021-30177
PUBLISHED: 2021-04-07

There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE.

CVE-2021-20687
PUBLISHED: 2021-04-07

Cross-site request forgery (CSRF) vulnerability in Kagemai 0.8.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

CVE-2021-20688
PUBLISHED: 2021-04-07

Cross-site scripting vulnerability in Click Ranker Ver.3.5 allows remote attackers to inject an arbitrary script via unspecified vectors.

CVE-2021-20689
PUBLISHED: 2021-04-07

Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors.
