{"vulnerability": "CVE-2021-3181", "sightings": [{"uuid": "3e4c89e6-7514-4d7e-b268-17cfbf5540c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-31818", "type": "seen", "source": "https://t.me/cibsecurity/25522", "content": "\u203c CVE-2021-31818 \u203c\n\nAffected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn\u2019t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-06-17T18:41:07.000000Z"}, {"uuid": "12f5e4df-951f-45c0-a2c7-737e845007b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-31819", "type": "seen", "source": "https://t.me/cibsecurity/29210", "content": "\u203c CVE-2021-31819 \u203c\n\nIn Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems that already trust each other based on certificate verification.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-22T07:28:27.000000Z"}, {"uuid": "6b7f6067-ef30-4b39-be29-b0acb18b911d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-31816", "type": "seen", "source": "https://t.me/cibsecurity/25997", "content": "\u203c CVE-2021-31816 \u203c\n\nWhen configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp":
"2021-07-08T14:38:47.000000Z"}, {"uuid": "ebdf437a-038d-4124-82e5-d724898b7f54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-31817", "type": "seen", "source": "https://t.me/cibsecurity/25996", "content": "\u203c CVE-2021-31817 \u203c\n\nWhen configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-08T14:38:46.000000Z"}, {"uuid": "4187f18c-3631-4e0e-a079-cf399d05e4a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-31813", "type": "seen", "source": "https://t.me/cibsecurity/25859", "content": "\u203c CVE-2021-31813 \u203c\n\nZoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-01T16:32:27.000000Z"}, {"uuid": "c0c630d2-6ef3-4900-bc5c-4e9c334ece2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3181", "type": "seen", "source": "https://t.me/cibsecurity/22276", "content": "\u203c CVE-2021-3181 \u203c\n\nrfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). 
A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-19T18:56:14.000000Z"}, {"uuid": "e096bae4-f38f-4041-ba34-97160e46ebf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-31811", "type": "seen", "source": "https://t.me/cibsecurity/25427", "content": "\u203c CVE-2021-31811 \u203c\n\nIn Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-06-12T14:38:23.000000Z"}]}