{"vulnerability": "CVE-2021-3646", "sightings": [{"uuid": "63ca012b-617d-44ea-a0f5-c03e0ca9cce8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36461", "type": "seen", "source": "https://t.me/cibsecurity/46310", "content": "\u203c CVE-2021-36461 \u203c\n\nAn Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-15T16:35:32.000000Z"}, {"uuid": "b1308e2e-5dba-47da-965d-3d45c3f8962c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36460", "type": "seen", "source": "https://t.me/cibsecurity/41379", "content": "\u203c CVE-2021-36460 \u203c\n\nVeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to takeover a user's account, rendering the benefits of storing hashed passwords in the database useless.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-25T16:36:12.000000Z"}, {"uuid": "1c429c49-6942-449e-ac27-79540d36a32b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3646", "type": "seen", "source": "https://t.me/cibsecurity/28695", "content": "\u203c CVE-2021-3646 \u203c\n\nbtcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-10T22:30:49.000000Z"}]}