{"vulnerability": "CVE-2021-3738", "sightings": [{"uuid": "5d4340f9-6166-443e-a3b9-24c0d141a557", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37389", "type": "seen", "source": "https://t.me/cibsecurity/27096", "content": "\u203c CVE-2021-37389 \u203c\n\nChamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-11T00:37:34.000000Z"}, {"uuid": "a236742b-2d14-4a9a-b29f-9fe686c50e9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37386", "type": "seen", "source": "https://t.me/cibsecurity/66841", "content": "\u203c CVE-2021-37386 \u203c\n\nFurukawa 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-17T20:51:52.000000Z"}, {"uuid": "2ecb8b55-6fd1-479e-9920-71e35a5f8c19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37384", "type": "seen", "source": "https://t.me/cibsecurity/66853", "content": "\u203c CVE-2021-37384 \u203c\n\nA remote command execution (RCE) vulnerability in the web interface component of Furukawa 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 allows unauthenticated attackers to send arbitrary commands to the device via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-18T00:45:21.000000Z"}, {"uuid": "d3032507-2751-4d8e-972a-1af7931e2405", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37381", "type": "seen", "source": "https://t.me/cibsecurity/26927", "content": "\u203c CVE-2021-37381 \u203c\n\nSouthsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access other users' private information such as photos through CSRF. For example: any student's photo information can be accessed through /gmis/(S([1]))/student/grgl/PotoImageShow/?bh=[2]. Among them, the code in [1] is a random string generated according to the user's login related information. It can protect the user's identity, but it can not effectively prevent unauthorized access. The code in [2] is the student number of any student. The attacker can carry out CSRF attack on the system by modifying [2] without modifying [1].\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-06T16:32:42.000000Z"}, {"uuid": "007a9aad-229c-435c-9120-76bfd1b45528", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37388", "type": "seen", "source": "https://t.me/cibsecurity/26926", "content": "\u203c CVE-2021-37388 \u203c\n\nA buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in ping_response.cgi POST request allows an attacker to crash the webserver and might even gain remote code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-06T16:32:41.000000Z"}]}