{"vulnerability": "cve-2021-3671", "sightings": [{"uuid": "eefc6178-bf67-4350-993e-a0d6bb71bf56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-36717", "type": "seen", "source": "https://t.me/cibsecurity/28340", "content": "\u203c CVE-2021-36717 \u203c\n\nIn order to perform a directory traversal attack, all an attacker needs is a web browser and some knowledge on where to blindly find any default files and directories on the system. on the \"Name\" parameter the attacker can return to the root directory and open the host file. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-07T16:17:25.000000Z"}, {"uuid": "76e31b8a-630a-4e69-8c86-e0fa3ad6c0fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-36713", "type": "seen", "source": "Telegram/qE0ncm3_mKeSGbMxxMXF2lC6A-quOgwsdrnVad3hJCu_ekZx", "content": "", "creation_timestamp": "2025-03-08T04:34:57.000000Z"}, {"uuid": "26c3d077-a228-4b16-adb1-317eb411cf6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-36711", "type": "seen", "source": "https://t.me/cibsecurity/46379", "content": "\u203c CVE-2021-36711 \u203c\n\nWebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-16T20:26:41.000000Z"}, {"uuid": "abdec579-7f8e-4fd4-87b9-e727f79edf50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-36719", "type": "seen", "source": "https://t.me/cibsecurity/33634", "content": "\u203c CVE-2021-36719 \u203c\n\nPineApp - Mail Secure - The attacker must be logged in as a user to the Pineapp system. The attacker exploits the vulnerable nicUpload.php file to upload a malicious file,Thus taking over the server and running remote code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-08T22:22:53.000000Z"}, {"uuid": "f28dbd88-47f5-4215-bd57-91832487aa2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-36718", "type": "seen", "source": "https://t.me/cibsecurity/33643", "content": "\u203c CVE-2021-36718 \u203c\n\nSYNEL - eharmonynew / Synel Reports - The attacker can log in to the system with default credentials and export a report of eharmony system with sensetive data (Employee name, Employee ID number, Working hours etc') The vulnerabilety has been addressed and fixed on version 11. Default credentials , Security miscommunication , Sensetive data exposure vulnerability in Synel Reports of SYNEL eharmonynew, Synel Reports allows an attacker to log into the system with default credentials. This issue affects: SYNEL eharmonynew, Synel Reports 8.0.2 version 11 and prior versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-08T22:23:08.000000Z"}, {"uuid": "a705f0ea-9b61-4987-bcab-2253684cb8a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-36712", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8890", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-36712\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via image clipping function.\n\ud83d\udccf Published: 2023-02-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-26T16:14:41.464Z\n\ud83d\udd17 References:\n1. http://yzmcms.com\n2. https://github.com/linuka-deception/yzmcms6.1.git", "creation_timestamp": "2025-03-26T16:25:24.000000Z"}, {"uuid": "13e8ceb4-fa3b-4832-adc7-ba4b244c82cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-36713", "type": "seen", "source": "https://t.me/cibsecurity/59520", "content": "\u203c CVE-2021-36713 \u203c\n\nCross Site Scripting (XSS) vulnerability in the DataTables plug-in 1.9.2 for jQuery allows attackers to run arbitrary code via the sBaseName parameter to function _fnCreateCookie. NOTE: 1.9.2 is a version from 2012.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-07T00:13:20.000000Z"}, {"uuid": "b7506783-3e8e-4d48-95b8-d93ee55b1e49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-36712", "type": "seen", "source": "https://t.me/cibsecurity/57480", "content": "\u203c CVE-2021-36712 \u203c\n\nCross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via image clipping function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T20:20:59.000000Z"}, {"uuid": "e71f8854-99d6-44a0-8296-70cb042f93cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3671", "type": "seen", "source": "https://t.me/cibsecurity/30449", "content": "\u203c CVE-2021-3671 \u203c\n\nA null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-12T22:25:52.000000Z"}]}