{"vulnerability": "cve-2021-4416", "sightings": [{"uuid": "5cbc3caa-f2a6-49c9-ade5-92f7bf9370e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44168", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "af0566f5-0f47-4181-beae-45330b575398", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44168", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971188", "content": "", "creation_timestamp": "2024-12-24T20:25:35.392476Z"}, {"uuid": "5f4923cb-2225-4b2c-b5bb-471124dd7152", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2021-44168", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/40463b28-f314-48c2-8b16-7abed3cd8bdf", "content": "", "creation_timestamp": "2026-02-02T12:28:31.302021Z"}, {"uuid": "415489c5-edd0-451f-baee-6b8a19b7b397", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44168", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:32.000000Z"}, {"uuid": "df627a29-977a-4b00-967a-a43ad3b1237f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44168", "type": "seen", "source": "Telegram/e2q5ZJGQ_x9gO4gay07wznhPSGg_LmZZuuaIBx1GK6I9M2Bg", "content": "", "creation_timestamp": "2025-02-14T10:06:00.000000Z"}, {"uuid": "bdd1d987-3575-43e5-a010-50628e19165f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44168", "type": "published-proof-of-concept", "source": "https://t.me/hackingbra/47", "content": "1. CVE-2023-26369:\nAdobe PDF Reader RCE when processing TTF fonts\nhttps://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2023/CVE-2023-26369.html\n\n2. CVE-2023-2729:\nSynology NAS DSM Account Takeover\nhttps://claroty.com/team82/research/synology-nas-dsm-account-takeover-when-random-is-not-secure\n\n3. CVE-2021-44168:\nDownload of code without integrity check vulnerability in the \"execute restore src-vis\" command of FortiOS &lt;7.0.3\nhttps://github.com/0xhaggis/CVE-2021-44168", "creation_timestamp": "2023-10-19T03:53:43.000000Z"}, {"uuid": "6e7a7c15-906a-48f0-9e59-d934bd1d1068", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44168", "type": "published-proof-of-concept", "source": "Telegram/jTS96Z2I21n4sSGjq79G_3SsbGEnPLBrsdjYas8NRZAo", "content": "", "creation_timestamp": "2023-10-22T23:11:34.000000Z"}, {"uuid": "2938876b-2e65-4434-8082-3f0499a91d4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44166", "type": "seen", "source": "https://t.me/cibsecurity/38289", "content": "\u203c CVE-2021-44166 \u203c\n\nAn improper access control vulnerability [CWE-284 ] in FortiToken Mobile\u00c2\u00a0(Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained\u00c2\u00a0a user's password to access the protected system during the 2FA procedure, even though\u00c2\u00a0the\u00c2\u00a0deny button is clicked by the legitimate user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-02T12:24:57.000000Z"}, {"uuid": "4a229393-3711-42bc-affd-4443ad207ace", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44167", "type": "seen", "source": "https://t.me/cibsecurity/42354", "content": "\u203c CVE-2021-44167 \u203c\n\nAn incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-11T19:50:27.000000Z"}, {"uuid": "0553df81-0a10-4c02-94b4-9a2607d68615", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44162", "type": "seen", "source": "https://t.me/cibsecurity/34265", "content": "\u203c CVE-2021-44162 \u203c\n\nChain Sea ai chatbot system\u00e2\u20ac\u2122s specific file download function has path traversal vulnerability. The function has improper filtering of special characters in URL parameters, which allows a remote attacker to download arbitrary system files without authentication.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-20T07:40:34.000000Z"}, {"uuid": "f2405b4a-7513-4236-913e-5a2c48a6c031", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44168", "type": "seen", "source": "https://t.me/cibsecurity/34917", "content": "\u203c CVE-2021-44168 \u203c\n\nA download of code without integrity check vulnerability in the \"execute restore src-vis\" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-04T16:39:22.000000Z"}, {"uuid": "2dbebdb1-ad69-4b70-b59d-b5165f1c54f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44161", "type": "seen", "source": "https://t.me/cibsecurity/34721", "content": "\u203c CVE-2021-44161 \u203c\n\nChanging MOTP (Mobile One Time Password) system\u00e2\u20ac\u2122s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-29T12:25:38.000000Z"}, {"uuid": "abdbd91c-aba0-44a7-a3a2-196adf4c2611", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44164", "type": "seen", "source": "https://t.me/cibsecurity/34267", "content": "\u203c CVE-2021-44164 \u203c\n\nChain Sea ai chatbot system\u00e2\u20ac\u2122s file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to by-pass file type validation, upload malicious script and execute arbitrary code without authentication, in order to take control of the system or terminate service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-20T07:40:37.000000Z"}, {"uuid": "e3ae79ac-4a36-4adb-bb7e-663c8d788cfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44160", "type": "seen", "source": "https://t.me/cibsecurity/34723", "content": "\u203c CVE-2021-44160 \u203c\n\nCarinal Tien Hospital Health Report System\u00e2\u20ac\u2122s login page has improper authentication, a remote attacker can acquire another general user\u00e2\u20ac\u2122s privilege by modifying the cookie parameter without authentication. The attacker can then perform limited operations on the system or modify data, making the service partially unavailable to the user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-29T12:25:40.000000Z"}, {"uuid": "06403fac-b060-465e-ad83-4af2e9d06262", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44163", "type": "seen", "source": "https://t.me/cibsecurity/34266", "content": "\u203c CVE-2021-44163 \u203c\n\nChain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS (reflected Cross-site scripting) attack without authentication.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-20T07:40:36.000000Z"}, {"uuid": "b73a79bf-98c4-44d6-a3de-41c9040da017", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44168", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9224", "content": "#exploit\n1. CVE-2023-26369:\nAdobe PDF Reader RCE when processing TTF fonts\nhttps://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2023/CVE-2023-26369.html\n\n2. CVE-2023-2729:\nSynology NAS DSM Account Takeover\nhttps://claroty.com/team82/research/synology-nas-dsm-account-takeover-when-random-is-not-secure\n\n3. CVE-2021-44168:\nDownload of code without integrity check vulnerability in the \"execute restore src-vis\" command of FortiOS &lt;7.0.3\nhttps://github.com/0xhaggis/CVE-2021-44168", "creation_timestamp": "2023-10-19T11:01:11.000000Z"}, {"uuid": "2e436915-9179-46d6-8f6a-f0b03a4aa3b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44168", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/1414", "content": "#exploit\n1. CVE-2023-26369:\nAdobe PDF Reader RCE when processing TTF fonts\nhttps://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2023/CVE-2023-26369.html\n\n2. CVE-2023-2729:\nSynology NAS DSM Account Takeover\nhttps://claroty.com/team82/research/synology-nas-dsm-account-takeover-when-random-is-not-secure\n\n3. CVE-2021-44168:\nDownload of code without integrity check vulnerability in the \"execute restore src-vis\" command of FortiOS &lt;7.0.3\nhttps://github.com/0xhaggis/CVE-2021-44168", "creation_timestamp": "2024-08-16T08:34:06.000000Z"}]}