{"vulnerability": "CVE-2021-4038", "sightings": [{"uuid": "d39fa5eb-08ef-4971-ad16-f9a3063f9fc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40386", "type": "seen", "source": "https://t.me/cibsecurity/40848", "content": "\u203c CVE-2021-40386 \u203c\n\nKaseya Unitrends Client/Agent through 10.5,5 allows remote attackers to execute arbitrary code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-15T12:19:53.000000Z"}, {"uuid": "194be2c6-7b7d-4c1f-a9f5-53144ec48240", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4038", "type": "seen", "source": "https://t.me/cibsecurity/33689", "content": "\u203c CVE-2021-4038 \u203c\n\nCross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in all scenarios.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-09T18:23:52.000000Z"}, {"uuid": "acc90d18-1c29-4474-af2a-ac898ab78f3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40385", "type": "seen", "source": "https://t.me/cibsecurity/28192", "content": "\u203c CVE-2021-40385 \u203c\n\nAn issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is a privilege escalation from read-only user to admin.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-02T00:35:09.000000Z"}, {"uuid": "42926503-9d74-41f0-806b-22f0ea87a341", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40387", "type": "seen", "source": "https://t.me/cibsecurity/28198", "content": "\u203c CVE-2021-40387 \u203c\n\nAn issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is authenticated remote code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-02T00:35:28.000000Z"}, {"uuid": "baba9d91-623e-48fa-94ce-ec28db0f94c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40380", "type": "seen", "source": "https://t.me/pwnwiki_zhchannel/842", "content": "\u7ad9\u5e6b\u4e3bCMS\u4efb\u610f\u6587\u4ef6\u4e0a\u50b3\u6f0f\u6d1e\nTG \u5168\u606fAI\u7db2\u7d61\u904b\u7dad\u5e73\u53f0 \u591a\u500b\u9060\u7a0b\u547d\u4ee4\u57f7\u884c\u6f0f\u6d1e\n\u842c\u6236OA \u6587\u4ef6\u4e0a\u50b3\u6f0f\u6d1e\nReporter\u5831\u8868\u7cfb\u7d71 \u4efb\u610f\u6587\u4ef6\u8b80\u53d6\u6f0f\u6d1e\n\u7d05\u5e06OA \u91ab\u9662\u7248ioFileExport.aspx \u524d\u53f0\u4efb\u610f\u6587\u4ef6\u8b80\u53d6\u6f0f\u6d1e\n\u4e2d\u9060\u9e92\u9e9f\u5821\u58d8\u6a5f \u5f8c\u53f0getshell\n\u4f73\u767c\u5de1\u67e5\u6307\u63ee\u7cfb\u7d71\u7ba1\u7406\u4e2d\u5fc3 \u8d8a\u6b0a\u6f0f\u6d1e\n\u4e2d\u9060\u9e92\u9e9f\u5821\u58d8\u6a5f \u9060\u7a0b\u547d\u4ee4\u57f7\u884c\u6f0f\u6d1e\n\u5927\u5510\u96fb\u4fe1NVS3000\u7d9c\u5408\u8996\u983b\u76e3\u63a7\u5e73\u53f0 \u672a\u6388\u6b0a\u8a2a\u554f\u6f0f\u6d1e\n\u6df1\u5733\u5e02\u591a\u9177\u79d1\u6280WR1300\u8a2d\u5099 \u5f8c\u53f0\u547d\u4ee4\u57f7\u884c\u6f0f\u6d1e\nDolibarr ERP/CRM 14.0.1 \u6b0a\u9650\u63d0\u5347\u6f0f\u6d1e\nOpenSIS Community 8.0 - 'cp id miss attn' SQL\u6ce8\u5165\u6f0f\u6d1e\nCVE-2021-40378 Compro Technology IP Camera - 'killps.cgi' \u62d2\u7d55\u670d\u52d9\u6f0f\u6d1e\nCVE-2021-40379 Compro Technology IP Camera - RTSP stream disclosure\nCVE-2021-40380 Compro Technology IP Camera - 'Multiple' \u6191\u8b49\u6cc4\u9732\u6f0f\u6d1e\nCVE-2021-40381 Compro Technology IP Camera - ' index MJpeg.cgi' Stream Disclosure \nCVE-2021-40382 Compro Technology IP Camera - ' mjpegStreamer.cgi' Screenshot Disclosure\nWPanel 4.3.1 \u9060\u7a0b\u4ee3\u78bc\u57f7\u884c\u6f0f\u6d1e\nWordPress Plugin Duplicate Page 4.4.1 XSS\u6f0f\u6d1e\nRiskscanner list SQL\u6ce8\u5165\u6f0f\u6d1e\n\u8607\u5dde\u79d1\u9054\u79d1\u6280\u80a1\u4efd\u6709\u9650\u516c\u53f8\u7db2\u7d61\u9375\u76e4\u63a7\u5236\u53f0 \u4efb\u610f\u6587\u4ef6\u8b80\u53d6\u6f0f\u6d1e\n\u81f4\u9060OA Fastjson\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e\n\u4e2d\u9060\u9e92\u9e9f\u5821\u58d8\u6a5f \u524d\u53f0SQL\u6ce8\u5165\u6f0f\u6d1e\n\u5927\u5510\u96fb\u4fe1NVS3000\u7d9c\u5408\u8996\u983b\u76e3\u63a7\u5e73\u53f0 SQL\u6ce8\u5165\u6f0f\u6d1e\nH5S\u8996\u983b\u5e73\u53f0 \u654f\u611f\u4fe1\u606f\u6d29\u9732\u6f0f\u6d1e", "creation_timestamp": "2021-09-21T04:41:53.000000Z"}, {"uuid": "93d318b3-acc6-4337-90d3-7f3572a3ecbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40382", "type": "seen", "source": "https://t.me/pwnwiki_zhchannel/842", "content": "\u7ad9\u5e6b\u4e3bCMS\u4efb\u610f\u6587\u4ef6\u4e0a\u50b3\u6f0f\u6d1e\nTG \u5168\u606fAI\u7db2\u7d61\u904b\u7dad\u5e73\u53f0 \u591a\u500b\u9060\u7a0b\u547d\u4ee4\u57f7\u884c\u6f0f\u6d1e\n\u842c\u6236OA \u6587\u4ef6\u4e0a\u50b3\u6f0f\u6d1e\nReporter\u5831\u8868\u7cfb\u7d71 \u4efb\u610f\u6587\u4ef6\u8b80\u53d6\u6f0f\u6d1e\n\u7d05\u5e06OA \u91ab\u9662\u7248ioFileExport.aspx \u524d\u53f0\u4efb\u610f\u6587\u4ef6\u8b80\u53d6\u6f0f\u6d1e\n\u4e2d\u9060\u9e92\u9e9f\u5821\u58d8\u6a5f \u5f8c\u53f0getshell\n\u4f73\u767c\u5de1\u67e5\u6307\u63ee\u7cfb\u7d71\u7ba1\u7406\u4e2d\u5fc3 \u8d8a\u6b0a\u6f0f\u6d1e\n\u4e2d\u9060\u9e92\u9e9f\u5821\u58d8\u6a5f \u9060\u7a0b\u547d\u4ee4\u57f7\u884c\u6f0f\u6d1e\n\u5927\u5510\u96fb\u4fe1NVS3000\u7d9c\u5408\u8996\u983b\u76e3\u63a7\u5e73\u53f0 \u672a\u6388\u6b0a\u8a2a\u554f\u6f0f\u6d1e\n\u6df1\u5733\u5e02\u591a\u9177\u79d1\u6280WR1300\u8a2d\u5099 \u5f8c\u53f0\u547d\u4ee4\u57f7\u884c\u6f0f\u6d1e\nDolibarr ERP/CRM 14.0.1 \u6b0a\u9650\u63d0\u5347\u6f0f\u6d1e\nOpenSIS Community 8.0 - 'cp id miss attn' SQL\u6ce8\u5165\u6f0f\u6d1e\nCVE-2021-40378 Compro Technology IP Camera - 'killps.cgi' \u62d2\u7d55\u670d\u52d9\u6f0f\u6d1e\nCVE-2021-40379 Compro Technology IP Camera - RTSP stream disclosure\nCVE-2021-40380 Compro Technology IP Camera - 'Multiple' \u6191\u8b49\u6cc4\u9732\u6f0f\u6d1e\nCVE-2021-40381 Compro Technology IP Camera - ' index MJpeg.cgi' Stream Disclosure \nCVE-2021-40382 Compro Technology IP Camera - ' mjpegStreamer.cgi' Screenshot Disclosure\nWPanel 4.3.1 \u9060\u7a0b\u4ee3\u78bc\u57f7\u884c\u6f0f\u6d1e\nWordPress Plugin Duplicate Page 4.4.1 XSS\u6f0f\u6d1e\nRiskscanner list SQL\u6ce8\u5165\u6f0f\u6d1e\n\u8607\u5dde\u79d1\u9054\u79d1\u6280\u80a1\u4efd\u6709\u9650\u516c\u53f8\u7db2\u7d61\u9375\u76e4\u63a7\u5236\u53f0 \u4efb\u610f\u6587\u4ef6\u8b80\u53d6\u6f0f\u6d1e\n\u81f4\u9060OA Fastjson\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e\n\u4e2d\u9060\u9e92\u9e9f\u5821\u58d8\u6a5f \u524d\u53f0SQL\u6ce8\u5165\u6f0f\u6d1e\n\u5927\u5510\u96fb\u4fe1NVS3000\u7d9c\u5408\u8996\u983b\u76e3\u63a7\u5e73\u53f0 SQL\u6ce8\u5165\u6f0f\u6d1e\nH5S\u8996\u983b\u5e73\u53f0 \u654f\u611f\u4fe1\u606f\u6d29\u9732\u6f0f\u6d1e", "creation_timestamp": "2021-09-21T04:41:53.000000Z"}, {"uuid": "b7f6e522-3e7b-4741-af23-29b1fd92197b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40381", "type": "seen", "source": "https://t.me/pwnwiki_zhchannel/842", "content": "\u7ad9\u5e6b\u4e3bCMS\u4efb\u610f\u6587\u4ef6\u4e0a\u50b3\u6f0f\u6d1e\nTG \u5168\u606fAI\u7db2\u7d61\u904b\u7dad\u5e73\u53f0 \u591a\u500b\u9060\u7a0b\u547d\u4ee4\u57f7\u884c\u6f0f\u6d1e\n\u842c\u6236OA \u6587\u4ef6\u4e0a\u50b3\u6f0f\u6d1e\nReporter\u5831\u8868\u7cfb\u7d71 \u4efb\u610f\u6587\u4ef6\u8b80\u53d6\u6f0f\u6d1e\n\u7d05\u5e06OA \u91ab\u9662\u7248ioFileExport.aspx \u524d\u53f0\u4efb\u610f\u6587\u4ef6\u8b80\u53d6\u6f0f\u6d1e\n\u4e2d\u9060\u9e92\u9e9f\u5821\u58d8\u6a5f \u5f8c\u53f0getshell\n\u4f73\u767c\u5de1\u67e5\u6307\u63ee\u7cfb\u7d71\u7ba1\u7406\u4e2d\u5fc3 \u8d8a\u6b0a\u6f0f\u6d1e\n\u4e2d\u9060\u9e92\u9e9f\u5821\u58d8\u6a5f \u9060\u7a0b\u547d\u4ee4\u57f7\u884c\u6f0f\u6d1e\n\u5927\u5510\u96fb\u4fe1NVS3000\u7d9c\u5408\u8996\u983b\u76e3\u63a7\u5e73\u53f0 \u672a\u6388\u6b0a\u8a2a\u554f\u6f0f\u6d1e\n\u6df1\u5733\u5e02\u591a\u9177\u79d1\u6280WR1300\u8a2d\u5099 \u5f8c\u53f0\u547d\u4ee4\u57f7\u884c\u6f0f\u6d1e\nDolibarr ERP/CRM 14.0.1 \u6b0a\u9650\u63d0\u5347\u6f0f\u6d1e\nOpenSIS Community 8.0 - 'cp id miss attn' SQL\u6ce8\u5165\u6f0f\u6d1e\nCVE-2021-40378 Compro Technology IP Camera - 'killps.cgi' \u62d2\u7d55\u670d\u52d9\u6f0f\u6d1e\nCVE-2021-40379 Compro Technology IP Camera - RTSP stream disclosure\nCVE-2021-40380 Compro Technology IP Camera - 'Multiple' \u6191\u8b49\u6cc4\u9732\u6f0f\u6d1e\nCVE-2021-40381 Compro Technology IP Camera - ' index MJpeg.cgi' Stream Disclosure \nCVE-2021-40382 Compro Technology IP Camera - ' mjpegStreamer.cgi' Screenshot Disclosure\nWPanel 4.3.1 \u9060\u7a0b\u4ee3\u78bc\u57f7\u884c\u6f0f\u6d1e\nWordPress Plugin Duplicate Page 4.4.1 XSS\u6f0f\u6d1e\nRiskscanner list SQL\u6ce8\u5165\u6f0f\u6d1e\n\u8607\u5dde\u79d1\u9054\u79d1\u6280\u80a1\u4efd\u6709\u9650\u516c\u53f8\u7db2\u7d61\u9375\u76e4\u63a7\u5236\u53f0 \u4efb\u610f\u6587\u4ef6\u8b80\u53d6\u6f0f\u6d1e\n\u81f4\u9060OA Fastjson\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e\n\u4e2d\u9060\u9e92\u9e9f\u5821\u58d8\u6a5f \u524d\u53f0SQL\u6ce8\u5165\u6f0f\u6d1e\n\u5927\u5510\u96fb\u4fe1NVS3000\u7d9c\u5408\u8996\u983b\u76e3\u63a7\u5e73\u53f0 SQL\u6ce8\u5165\u6f0f\u6d1e\nH5S\u8996\u983b\u5e73\u53f0 \u654f\u611f\u4fe1\u606f\u6d29\u9732\u6f0f\u6d1e", "creation_timestamp": "2021-09-21T04:41:53.000000Z"}]}