CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2021-38143
https://notcve.org/view.php?id=CVE-2021-38143
An issue was discovered in Form Tools through 3.0.20. When an administrator creates a customer account, it is possible for the customer to log in and proceed with a change of name and last name. However, these fields are vulnerable to XSS payload insertion, being triggered in the admin panel when the admin tries to see the client list. This type of XSS (stored) can lead to the extraction of the PHPSESSID cookie belonging to the admin. Se ha detectado un problema en Form Tools versiones hasta 3.0.20. • https://bernardofsr.github.io/blog/2021/form-tools https://github.com/bernardofsr/CVEs-With-PoC/blob/main/PoCs/Form%20Tools/README.md https://github.com/formtools/core https://www.formtools.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-38145
https://notcve.org/view.php?id=CVE-2021-38145
An issue was discovered in Form Tools through 3.0.20. SQL Injection can occur via the export_group_id field when a low-privileged user (client) tries to export a form with data, e.g., manipulation of modules/export_manager/export.php?export_group_id=1&export_group_1_results=all&export_type_id=1. Se ha detectado un problema en Form Tools versiones hasta 3.0.20. Puede producirse una inyección SQL por medio del campo export_group_id cuando un usuario poco privilegiado (cliente) intenta exportar un formulario con datos, por ejemplo, la manipulación de modules/export_manager/export.php? • https://bernardofsr.github.io/blog/2021/form-tools https://github.com/bernardofsr/CVEs-With-PoC/blob/main/PoCs/Form%20Tools/README.md https://github.com/formtools/core https://www.formtools.org • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15235 – Sensitive data exposure in RACTF
https://notcve.org/view.php?id=CVE-2020-15235
In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd(3/10/20) are patched. En RACTF versiones anteriores al commit f3dc89b, los usuarios no autenticados pueden ser capaces de obtener el valor de las claves de configuración confidenciales que normalmente estarían ocultas para todos excepto para los administradores. Todas las versiones posteriores a la confirmación f3dc89b9f6ab1544a289b3efc06699b13d63e0bd (10/3/20) están parcheadas • https://github.com/ractf/core/commit/f3dc89b9f6ab1544a289b3efc06699b13d63e0bd https://github.com/ractf/core/security/advisories/GHSA-ph67-c355-52vm • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 97%CPEs: 13EXPL: 2CVE-2020-15505 – Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-15505
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors. Se presenta una vulnerabilidad de ejecución de código remoto en las versiones 10.3.0.3 y anteriores del MobileIron Core y Connector, versiones 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 y 10.6.0.0; y las versiones 9 del Sentry. 7.2 y anteriores, y versiones 9.8.0; y Monitor and Reporting Database (RDB) versión 2.0.0.1 y anteriores que permite a los atacantes remotos ejecutar código arbitrario a través de vectores no especificados Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database (RDB) products contain an unspecified vulnerability that allows for remote code execution. • http://packetstormsecurity.com/files/161097/MobileIron-MDM-Hessian-Based-Java-Deserialization-Remote-Code-Execution.html https://cwe.mitre.org/data/definitions/41.html https://perchsecurity.com/perch-news/cve-spotlight-mobileiron-rce-cve-2020-15505 https://www.mobileiron.com/en/blog/mobileiron-security-updates-available https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html https://github.com/httpvoid/CVE-Reverse/tree/master/CVE-2020-15505 • CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-15506
https://notcve.org/view.php?id=CVE-2020-15506
An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to bypass authentication mechanisms via unspecified vectors. Una vulnerabilidad de omisión de autentificación en MobileIron Core y Connector versiones 10.3.0.3 y anteriores, versiones 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 y versión 10.6.0.0 permite a atacantes remotos omitir los mecanismos de autenticación por medio de vectores no especificados • https://www.mobileiron.com/en/blog/mobileiron-security-updates-available •