{"vulnerability": "CVE-2021-3672", "sightings": [{"uuid": "d47fded3-390b-401e-a7e1-88da1bb4814f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36724", "type": "seen", "source": "https://t.me/cibsecurity/34748", "content": "\u203c CVE-2021-36724 \u203c\n\nForeScout - SecureConnector Local Service DoS - A low privileged user which doesn't have permissions to shutdown the secure connector service writes a large amount of characters in the installationPath. This will cause the buffer to overflow and override the stack cookie causing the service to crash.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-29T20:31:28.000000Z"}, {"uuid": "5b178c2a-403a-4ab2-8dda-5c02fe06a1bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36722", "type": "seen", "source": "https://t.me/cibsecurity/34741", "content": "\u203c CVE-2021-36722 \u203c\n\nEmuse - eServices / eNvoice SQL injection can be used in various ways ranging from bypassing login authentication or dumping the whole database to full RCE on the affected endpoints. 
The SQLi caused by CWE-209: Generation of Error Message Containing Sensitive Information, showing parts of the aspx code and the webroot location, information an attacker can leverage to further compromise the host.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-29T18:32:31.000000Z"}, {"uuid": "f635c2de-4571-4ad6-9c58-6876e6c62b2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36720", "type": "seen", "source": "https://t.me/cibsecurity/33642", "content": "\u203c CVE-2021-36720 \u203c\n\nPineApp - Mail Secure - Attacker sending a request to :/blocking.php?url=alert(1) and stealing cookies.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-08T22:23:04.000000Z"}, {"uuid": "e4005c58-4c63-4ea6-b731-1a56359c81e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36723", "type": "seen", "source": "https://t.me/cibsecurity/34739", "content": "\u203c CVE-2021-36723 \u203c\n\nEmuse - eServices / eNvoice Exposure Of Private Personal Information due to lack of identification mechanisms and predictable IDs an attacker can scrape all the files on the service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-29T18:32:26.000000Z"}, {"uuid": "36d2de67-c90e-43f7-92f8-88e6739edb52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36721", "type": "seen", "source": "https://t.me/cibsecurity/33925", "content": "\u203c CVE-2021-36721 \u203c\n\nSysaid API User Enumeration - Attacker sending requests to specific api path without any authorization before 21.3.60 version could get users names from the LDAP server.\n\n\ud83d\udcd6 Read\n\nvia 
\"National Vulnerability Database\".", "creation_timestamp": "2021-12-14T16:13:01.000000Z"}, {"uuid": "291f8e12-480f-4eb4-a6b0-7f90302c0501", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3672", "type": "seen", "source": "https://t.me/cibsecurity/32877", "content": "\u203c CVE-2021-3672 \u203c\n\nA flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-23T22:21:06.000000Z"}]}