# Trovent Security Advisory 2103-02 #
Multiple XSS vulnerabilities in ERPNext 13.0.0/12.18.0
Overview
Advisory ID: TRSA-2103-02
Advisory version: 1.0
Advisory status: Public
Advisory URL: http
# Trovent Security Advisory 2103-01 #
Authenticated SQL injection in ERPNext 13.0.0/12.18.0
Overview
Advisory ID: TRSA-2103-01
Advisory version: 1.0
Advisory status: Public
Advisory URL: https:
CVE-2021-32051 Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injection via the GiPWorkflow/Service/DownloadPublicFile id parameter.
[Additional Information]
PoC Payload: id=test' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,N
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/1ef711b34cc278449f1997e4ed06334a.txt
Contact: malvul...@gmail.com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Antilam.13.a
Vulnerability: Unauthenticated Remote Command Execution
Description: Th
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/88785a093b8fa00893214dd220ac255d.txt
Contact: malvul...@gmail.com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.MotivFTP.12
Vulnerability: Authentication Bypass RCE
Description: The malware listen
Got it! Thank you for the explanation!
On Sat, May 8, 2021 at 4:53 AM Q C wrote:
> Hi,
>
> In Mikrotik RouterOs, each user is assigned to a user group, which denotes
> the rights of this user. A group policy is a combination of individual
> policy items, and provides a convenient way to assign d
Advisory: four vulnerabilities found in MikroTik's RouterOS
Details
===
Product: MikroTik's RouterOS
Vendor URL: https://mikrotik.com/
Vendor Status: only CVE-2020-20227 is fixed
CVE: CVE-2020-20220, CVE-2020-20227, CVE-2020-20245, CVE-2020-20246
Credit: Qian Chen(@cq674350529) of Qihoo 360
Hi,
In Mikrotik RouterOs, each user is assigned to a user group, which denotes
the rights of this user. A group policy is a combination of individual
policy items, and provides a convenient way to assign different permissions
and access rights to different user classes. (Reference:
https://help
Hi,
I might be missing something, but how are these considered vulnerabilities?
My point is that these require authentication, and an already authenticated
user already has permissions to reboot the device anyway, right?
If the above assumption is correct, then there isn't really a security
bound