The Tales of N4nj0

CVEs

Below is a list of Common Vulnerabilities and Exposures (CVEs) that I have published responsibly, following a Coordinated Vulnerability Disclosure (CVD) approach:

  • CVE-2020-35590 | 9.8 (Critical) | Rate limit bypass on Limit Login Attempts Reloaded WordPress plugin >= 2.13.0 and < 2.17.4.
  • CVE-2020-35589 | 5.4 (Medium) | Reflected XSS on Limit Login Attempts Reloaded WordPress plugin >= 2.13.0 and < 2.17.4.
  • CVE-2021-26754 | 9.8 (Critical) | Blind SQL Injection on wpDataTables WordPress plugin <= 3.4.
  • CVE-2021-26751 | 8.8 (High) | SQL Injection on NeDi 1.9C.
  • CVE-2021-26753 | 9.9 (Critical) | Code Injection on NeDi 1.9C.
  • CVE-2021-26752 | 8.8 (High) | Command Injection on NeDi 1.9C.
  • CVE-2020-35592 | 5.4 (Medium) | Reflected XSS on Pi-hole <= 5.1.1.
  • CVE-2020-35591 | 5.4 (Medium) | Session Fixation on Pi-hole <= 5.1.1.
  • CVE-2021-24177 | 5.4 (Medium) | Reflected XSS on WP File Manager WordPress plugin <= 7.0.
  • CVE-2021-24197 | 8.1 (High) | Improper Access Control on wpDataTables WordPress plugin <= 3.4.1.
  • CVE-2021-24198 | 8.1 (High) | Improper Access Control on wpDataTables WordPress plugin <= 3.4.1.
  • CVE-2021-24199 | 6.5 (Medium) | Blind SQL Injection on wpDataTables WordPress plugin <= 3.4.1.
  • CVE-2021-24200 | 6.5 (Medium) | Blind SQL Injection on wpDataTables WordPress plugin <= 3.4.1.
  • CVE-2021-28246 | 7.8 (High) | Privilege Escalation via Dynamically Linked Shared Object Library on CA eHealth Performance Manager <= 6.3.2.12.
  • CVE-2021-28247 | 5.4 (Medium) | Multiple Reflected Cross-site Scripting on CA eHealth Performance Manager <= 6.3.2.12.
  • CVE-2021-28248 | 7.5 (High) | Improper Restriction of Excessive Authentication Attempts on CA eHealth Performance Manager <= 6.3.2.12.
  • CVE-2021-28249 | 8.8 (High) | Privilege Escalation via Dynamically Linked Shared Object Library on CA eHealth Performance Manager <= 6.3.2.12.
  • CVE-2021-28250 | 7.8 (High) | Privilege Escalation via SUID/SGID file on CA eHealth Performance Manager <= 6.3.2.12.
  • CVE-2021-38123 | 6.1 (Medium) | Open Redirect via Origin Header on Micro Focus Network Automation <= 2021.05.
  • CVE-2021-35491 | 8.1 (High) | Cross-Site Request Forgery on Wowza Streaming Engine <= 4.8.11+5.
  • CVE-2021-35492 | 6.5 (Medium) | Uncontrolled Resource Consumption on Wowza Streaming Engine <= 4.8.11+5.
  • CVE-2021-41916 | 8.8 (High) | Cross-Site Request Forgery on webTareas <= 2.4.
  • CVE-2021-41917 | 5.4 (Medium) | Stored XSS on webTareas <= 2.4.
  • CVE-2021-41918 | 5.4 (Medium) | Multiple Reflected XSS on webTareas <= 2.4.
  • CVE-2021-41919 | 8.8 (High) | Unrestricted File Upload on webTareas <= 2.4.
  • CVE-2021-41920 | 7.5 (High) | Time and Boolean-based blind SQL Injection on webTareas <= 2.4.