Skip to main content

🎉    We recently published 3 CVE's

foo

CVE-2021-35956
Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields.

foo

CVE-2021-3441
Stored cross-site scripting (XSS) in the embedded webserver of certain HP OfficeJet Printers—including the 4630 e-All-in-One Printer and 7110 Wide Format ePrinter— enables remote unauthenticated attackers to introduce arbitrary JavaScript via the printer name and printer location fields.

PHP Timeclock 1.04 Time and Boolean Based Blind SQL Injection

In March 2021, Tyler Butler discovered a Time and Boolean Based Blind SQL Injection in PHP Timeclock 1.04. The PoC developed was submitted to the exploit-db database in entry 49849.


Connect on Twitter