Security Vulnerability Advisories

Summary

CVE-2021-3160
CVE-2020-27850
CVE-2020-27851
CVE-2020-27852
CVE-2019-12305
CVE-2019-12304
CVE-2019-12307
CVE-2019-12306
CVE-2019-12547
CVE-2019-19356

 

CVE-2021-3160

Publication Date: 01.26.2021
Revision: 1.0
Link: https://digital.security/advisories/cert-ds_advisory_CVE-2021-3160.txt

ACA ASSUREX RENTES ASSUWEB 359.3 Java Deserialization - Unauthenticated Remote Code Execution


CVE-2020-27850

Publication Date: 2021.01.15
Revision: 1.2
Link: https://digital.security/advisories/cert-ds_advisory_CVE-2020-27850.txt

A stored Cross-Site Scripting (XSS) vulnerability in the forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).
 

CVE-2020-27851

Publication Date: 2021.01.15
Revision: 1.3
Link: https://digital.security/advisories/cert-ds_advisory_CVE-2020-27851.txt

Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allow remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).
 

CVE-2020-27852

Publication Date: 2021.01.15
Revision: 1.1
Link: https://digital.security/advisories/cert-ds_advisory_CVE-2020-27852.txt

A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).
 

CVE-2019-12305

Publication Date: 04/29/2020
Revision: 1.0
Link: https://digital.security/advisories/cert-ds_advisory-ezcast_pro_ii_admin_password-cve-2019-12305.txt

Information Disclosure of Admin Password - EZCast Pro II
 

CVE-2019-12304

Publication Date: 04/29/2020
Revision: 1.0
Link: https://digital.security/advisories/cert-ds_advisory-ezcast_pro_ii_arbitrary_file_upload-cve-2019-12304.txt

Arbitrary File Upload leading to Unauthenticated Remote Code Execution - EZCast Pro II

 

CVE-2019-12307

Publication Date: 04/29/2020
Revision: 1.0
Link: https://digital.security/advisories/cert-ds_advisory-ezcast_pro_ii_csrf-cve-2019-12307.txt

Multiple Cross-Site Request Forgery - EZCast Pro II

 

CVE-2019-12306

Publication Date: 04/29/2020
Revision: 1.0
Link: https://digital.security/advisories/cert-ds_advisory-ezcast_pro_ii_unauthenticated_settings_modification-cve-2019-12306.txt

Unauthenticated Settings Modification - EZCast Pro II


CVE-2019-12547

Publication Date: 04/17/2020
Revision: 1.0
Link: https://digital.security/advisories/cert-ds_advisory-opentrust_mft_xss-cve-2019-12547.txt

Reflected XSS in OpenTrust MFT


CVE-2019-19356

Publication Date: 25/11/2019
Revision: 1.0
Link: https://digital.security/advisories/cert-ds_advisory_netis_router_wf2419_-_cve-2019-19356.txt
Blogpost: https://www.digital.security/en/blog/netis-routers-remote-code-execution-cve-2019-19356

Netis WF2419 V1.2.31805 to V2.2.36123 - Remote Code Execution
 