Pottr: Real time threats




CVE-2021-44720

Severity: HIGH

Base Score: 7.2
Last Modified: 2022/08/16 18:27:00

Description: In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative role.


CVE-2021-1585

Severity: HIGH

Base Score: 8.1
Last Modified: 2022/08/16 18:15:00

Description: A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM and the Launcher. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position on the network to intercept the traffic between the Launcher and the ASDM and then inject arbitrary code. A successful exploit could allow the attacker to execute arbitrary code on the user's operating system with the level of privileges assigned to the ASDM Launcher. A successful exploit may require the attacker to perform a social engineering attack to persuade the user to initiate communication from the Launcher to the ASDM.


CVE-2020-21365

Severity: HIGH

Base Score: 7.5
Last Modified: 2022/08/16 17:37:00

Description: Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted HTML file when running with the default configuration.


CVE-2020-21641

Severity: HIGH

Base Score: 7.5
Last Modified: 2022/08/16 17:29:00

Description: Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via a crafted XML license file.


CVE-2020-21642

Severity: CRITICAL

Base Score: 9.8
Last Modified: 2022/08/16 17:28:00

Description: Directory traversal vulnerability in the ZDBQAREFSUBDIR parameter of the /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code.