2021
07.31

ObjectPlanet Opinio versions 7.13 and 7.14 suffer from an XML external entity injection vulnerability.


2021
07.31

ObjectPlanet Opinio version 7.13 suffers from an expression language injection vulnerability.


2021
07.31

ObjectPlanet Opinio version 7.13 suffers from a remote shell upload vulnerability.


2021
07.31

Panasonic Sanyo CCTV Network Camera version 2.03-0x allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. These actions can be exploited to perform authentication detriment and account password change with administrative privileges if a logged-in user visits a malicious web site.


2021
07.31

Pi-Hole versions 3.0 through 5.3 allow command line input to the removecustomcname, removecustomdns, and removestaticdhcp functions without properly validating the parameters before passing them to sed. When executed as the www-data user, this allows for a privilege escalation to root since www-data is in the sudoers.d/pihole file with no password.


2021
07.31

http://korat7.go.th/hi.htm notified by YIIX103


2021
07.30

Pi-Hole versions 3.0 through 5.3 allow command line input to the removecustomcname, removecustomdns, and removestaticdhcp functions without properly validating the parameters before passing them to sed. When executed as the www-data user, this allows for a privilege escalation to root since www-data is in the sudoers.d/pihole file with no password.

2021
07.30

IntelliChoice eFORCE Software Suite version 2.5.9 allows for username enumeration.


2021
07.30

Care2x Integrated Hospital Info System version 2.7 suffers from multiple remote SQL injection vulnerabilities.


2021
07.30

CloverDX version 5.9.0 cross site request forgery to remote code execution exploit.
