{"vulnerability": "cve-2021-3916", "sightings": [{"uuid": "facc145c-175e-48ee-ab13-537c1a72d5f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39165", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-39165.yaml", "content": "", "creation_timestamp": "2023-05-26T10:28:54.000000Z"}, {"uuid": "f5eb5dac-ef35-4f52-95d8-274bd7a77668", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39161", "type": "seen", "source": "https://t.me/cibsecurity/27930", "content": "\u203c CVE-2021-39161 \u203c\n\nDiscourse is an open source platform for community discussion. In affected versions category names can be used for Cross-site scripting(XSS) attacks. This is mitigated by Discourse's default Content Security Policy and this vulnerability only affects sites which have modified or disabled or changed Discourse's default Content Security Policy have allowed for moderators to modify categories. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. 
Users are advised to ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-27T00:27:06.000000Z"}, {"uuid": "4be34e68-0fb0-407e-8474-bcca6c1ba707", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39165", "type": "published-proof-of-concept", "source": "https://t.me/cKure/9068", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 This Python script allows to exploit CVE-2021-39165 in Cachet prior to and including 2.3.18 automatically.\n\nhttps://github.com/W0rty/CVE-2021-39165", "creation_timestamp": "2022-03-18T06:41:26.000000Z"}, {"uuid": "9f75c115-4d30-4494-bbe7-ef42213eea63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3916", "type": "seen", "source": "https://t.me/cibsecurity/31891", "content": "\u203c CVE-2021-3916 \u203c\n\nbookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-05T17:26:45.000000Z"}, {"uuid": "bd10e8e4-abe2-42f8-8679-abd63a609220", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39166", "type": "seen", "source": "https://t.me/cibsecurity/28165", "content": "\u203c CVE-2021-39166 \u203c\n\nPimcore is an open source data & experience management platform. Prior to version 10.1.2, text-values were not properly escaped before printed in the version preview. This allowed XSS by authenticated users with access to the resources. 
This issue is patched in Pimcore version 10.1.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-01T18:35:15.000000Z"}, {"uuid": "6648fa70-22b5-4683-b744-54cb6524fe96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39164", "type": "seen", "source": "https://t.me/cibsecurity/28119", "content": "\u203c CVE-2021-39164 \u203c\n\nMatrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) of a room if they know the ID of the room. The vulnerability is limited to rooms with `shared` history visibility. Furthermore, the unauthorised user must be using an account on a vulnerable homeserver that is in the room. Server administrators should upgrade to 1.41.1 or later in order to receive the patch. One workaround is available. Administrators of servers that use a reverse proxy could, with potentially unacceptable loss of functionality, block the endpoints: `/_matrix/client/r0/rooms/{room_id}/members` with `at` query parameter, and `/_matrix/client/unstable/rooms/{room_id}/members` with `at` query parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-31T20:33:59.000000Z"}, {"uuid": "39870ce8-7e0a-48e6-ba02-ed8a8be48d6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39163", "type": "seen", "source": "https://t.me/cibsecurity/28104", "content": "\u203c CVE-2021-39163 \u203c\n\nMatrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. 
This vulnerability is limited to homeservers where the vulnerable homeserver is in the room and untrusted users are permitted to create groups (communities). By default, only homeserver administrators can create groups. However, homeserver administrators can already access this information in the database or using the admin API. As a result, only homeservers where the configuration setting `enable_group_creation` has been set to `true` are impacted. Server administrators should upgrade to 1.41.1 or higher to patch the vulnerability. There are two potential workarounds. Server administrators can set `enable_group_creation` to `false` in their homeserver configuration (this is the default value) to prevent creation of groups by non-administrators. Administrators that are using a reverse proxy could, with partial loss of group functionality, block the endpoints `/_matrix/client/r0/groups/{group_id}/rooms` and `/_matrix/client/unstable/groups/{group_id}/rooms`.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-31T20:33:36.000000Z"}, {"uuid": "57bd669e-542f-4c9e-9890-0b573dcefa35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39162", "type": "seen", "source": "https://t.me/cibsecurity/28645", "content": "\u203c CVE-2021-39162 \u203c\n\nPomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead to a DoS in the presence of untrusted *upstream* servers. 0.15.1 contains an upgraded envoy binary with this vulnerability patched. 
If only trusted upstreams are configured, there is not substantial risk of this condition being triggered.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-10T02:30:11.000000Z"}, {"uuid": "bb1f7cce-8d96-410a-9cb9-824e432e84a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39165", "type": "seen", "source": "https://t.me/cibsecurity/27932", "content": "\u203c CVE-2021-39165 \u203c\n\nCachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet  is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-27T00:27:08.000000Z"}, {"uuid": "b039b48a-c765-4236-9f8f-0612d250a07d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39169", "type": "seen", "source": "https://t.me/cibsecurity/27944", "content": "\u203c CVE-2021-39169 \u203c\n\nMisskey is a decentralized microblogging platform. In versions of Misskey prior to 12.51.0, malicious actors can use the web client built-in dialog to display a malicious string, leading to cross-site scripting (XSS). XSS could compromise the API request token. This issue has been fixed in version 12.51.0. 
There are no known workarounds aside from upgrading.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-27T16:27:59.000000Z"}, {"uuid": "4bd116f0-4052-40f6-9d66-99945eba38a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39168", "type": "seen", "source": "https://t.me/cibsecurity/27940", "content": "\u203c CVE-2021-39168 \u203c\n\nOpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team's control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-27T07:28:52.000000Z"}, {"uuid": "e1b1b989-c7b5-49f9-8dc6-498b0466b773", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39167", "type": "seen", "source": "https://t.me/cibsecurity/27939", "content": "\u203c CVE-2021-39167 \u203c\n\nOpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team's control. We recommend revoking all executors that are not also proposers. 
When applying this mitigation, ensure there is at least one proposer and executor remaining.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-27T07:28:51.000000Z"}, {"uuid": "4a5cee53-b96c-4194-9154-ed85f0cf2e51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39165", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/4194", "content": "#Offensive_security\n1. From Stranger to DA:\nUsing PetitPotam to NTLM relay to Domain Administrator\nhttps://blog.truesec.com/2021/08/05/from-stranger-to-da-using-petitpotam-to-ntlm-relay-to-active-directory\n2. CVE-2021-39165:\nA Bug Bounty Journey from a Laravel SQL Injection Vulnerability\nhttps://www.leavesongs.com/PENETRATION/cachet-from-laravel-sqli-to-bug-bounty.html", "creation_timestamp": "2021-08-31T13:10:52.000000Z"}]}