Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-26476 PUBLISHED: 2021-03-01
EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI.
CVE-2021-26702 PUBLISHED: 2021-03-01
EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/dataset_dictionary URI.
CVE-2021-26703 PUBLISHED: 2021-03-01
EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI.
CVE-2021-26704 PUBLISHED: 2021-03-01
EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI.
CVE-2021-27876 PUBLISHED: 2021-03-01
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain ...