Kaseya Buys Managed SOC Provider

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-23534
PUBLISHED: 2021-02-25

Upgrade.php of gopeak masterlab 2.1.5 contains a server-side request forgery (SSRF) vulnerability via the ‘source’ parameter.

CVE-2021-27330
PUBLISHED: 2021-02-25

Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.

CVE-2021-3124
PUBLISHED: 2021-02-25

Stored cross-site scripting (XSS) in a form field of the robust.systems product Custom Global Variables v1.0.5 allows a remote attacker to inject arbitrary code via the vars[0][name] field.

CVE-2021-21064
PUBLISHED: 2021-02-25

Magento UPWARD-php version 1.1.4 (and earlier) is affected by a Path traversal vulnerability in Magento UPWARD Connector version 1.1.2 (and earlier) due to the upload feature. An attacker could potentially exploit this vulnerability to upload a malicious YAML file that can contain instructions which…

CVE-2021-21065
PUBLISHED: 2021-02-25

Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
