Category Archives: Advisories

[AIT-SA-20220208-01] SexyPolling SQL Injection

Posted by sec-advisory on Apr 22

SexyPolling SQL Injection

====================

| Identifier: | AIT-SA-20220208-01 |
| Target: | Sexy Polling (Joomla Extension) |
| Vendor: | 2glux |
| Version: | all versions below version 2.1.8 |
| CVE: | Not yet |
| Accessibility: | Remote |
| Severity: | Critical |
| Author: | Wolfgang Hotwagner (AIT Austrian Institute of Technology) |

Summary

========

[Sexy Polling is a Joomla Extension for votes.](https://2glux.com/projects/sexypolling

CVE-2021-40680: Artica Proxy VMWare Appliance 4.30.000000 <=[SP273] Rev.1

Posted by Heiko Feldhusen via Fulldisclosure on Apr 22

esh-0.3.2-1.fc36

FEDORA-2022-c4e644865f

Packages in this update:

esh-0.3.2-1.fc36

Update description:

Honor umask of existing file or parent process when using -o option
Make trap rm -f more robust, resistant to Command Injection attack

esh-0.3.2-1.fc35

FEDORA-2022-f6e24d96b6

Packages in this update:

esh-0.3.2-1.fc35

Update description:

Honor umask of existing file or parent process when using -o option
Make trap rm -f more robust, resistant to Command Injection attack

esh-0.3.2-1.fc34

FEDORA-2022-bc5c8ee61e

Packages in this update:

esh-0.3.2-1.fc34

Update description:

Honor umask of existing file or parent process when using -o option
Make trap rm -f more robust, resistant to Command Injection attack

CVE-2021-20464

IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813.

CVE-2020-14123

There is a pointer double free vulnerability in Some MIUI Services. When a function is called, the memory pointer is copied to two function modules, and an attacker can cause the pointer to be repeatedly released through malicious operations, resulting in the affected module crashing and affecting normal functionality, and if successfully exploited the vulnerability can cause elevation of privileges.
