Category Archives: Advisories

[CVE-2021-42063] SAP Knowledge Warehouse <= 7.50 "SAPIrExtHelp" Reflected XSS

Posted by Julien Ahrens (RCE Security) on Mar 20

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: SAP Knowledge Warehouse
Vendor URL: https://help.sap.com/viewer/816f1f952d244bbf9dd5063e2a0e66b0/7.5.21/en-US/4dc9605e4a9d6522e10000000a15822b.html
Type: Cross-Site Scripting [CWE-79]
Date found: 2021-09-21
Date published: 2022-03-17
CVSSv3 Score: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVE:…

CVE-2021-45491: Exportable Cleartext Passwords in the 3CX Phone System

Posted by Emanuel DUSS on Mar 20

#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: 3CX Phone System
# Vendor: 3CX
# CSNC ID: CSNC-2021-022
# CVE ID: CVE-2021-45491
# Subject: Exportable Cleartext Passwords
# CWE-ID: CWE-257 (Storing Passwords in a Recoverable Format)
# Severity: Medium
# Effect:…

CVE-2021-45490: Missing Certificate Verification in 3CX Client for Windows (legacy), Android & iOS

Posted by Emanuel DUSS on Mar 20

#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: 3CX Client for Windows (legacy), Android & iOS
# Vendor: 3CX
# CSNC ID: CSNC-2021-021
# CVE ID: CVE-2021-45490
# Subject: Missing Certificate Verification
# CWE-ID: CWE-295 (Improper Certificate Validation)
#…

CVE-2020-26008

The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file.
