{"vulnerability": "CVE-2021-3793", "sightings": [{"uuid": "b05d51c0-5327-4832-8d36-e786f059719f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37933", "type": "seen", "source": "https://t.me/cibsecurity/30579", "content": "\u203c CVE-2021-37933 \u203c\n\nAn LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow an unauthenticated, remote user to modify the logic of an LDAP query and bypass authentication. The vulnerability is due to insufficient server-side validation of the email parameter before using it to construct LDAP queries. An attacker could bypass authentication exploiting this vulnerability by sending login attempts in which there is a valid password but a wildcard character in email parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-14T20:27:43.000000Z"}, {"uuid": "2f95a1fe-2ea8-4976-9ad4-be2ceb7048a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37936", "type": "seen", "source": "https://t.me/cibsecurity/53198", "content": "\u203c CVE-2021-37936 \u203c\n\nIt was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. 
When the Discover app highlighted a search term containing the HTML, it would be rendered for the user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-19T02:43:44.000000Z"}, {"uuid": "86678b39-519d-49b7-9aee-85be7c0bb5a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37934", "type": "seen", "source": "https://t.me/cibsecurity/33751", "content": "\u203c CVE-2021-37934 \u203c\n\nDue to insufficient server-side login-attempt limit enforcement, a vulnerability in /account/login in Huntflow Enterprise before 3.10.14 could allow an unauthenticated, remote user to perform multiple login attempts for brute-force password guessing.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-10T20:25:17.000000Z"}, {"uuid": "3da0199d-ae5d-4071-b64c-b7b51b6b25f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37935", "type": "seen", "source": "https://t.me/cibsecurity/33749", "content": "\u203c CVE-2021-37935 \u203c\n\nAn information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4 could allow an unauthenticated, remote user to get information about the domain name of the configured LDAP server. 
An attacker could exploit this vulnerability by requesting the login page and searching for the \"isLdap\" JavaScript parameter in the HTML source code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-10T20:25:15.000000Z"}, {"uuid": "5b6f4907-8a33-46cb-a7bf-8c6ebff0430c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3793", "type": "seen", "source": "https://t.me/cibsecurity/32344", "content": "\u203c CVE-2021-3793 \u203c\n\nAn improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the same network as the device to access administrative pages that could result in information disclosure or device firmware update with verified firmware.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-13T00:39:30.000000Z"}, {"uuid": "254af73f-e5b8-4e12-b58c-d79b029952eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37939", "type": "seen", "source": "https://t.me/cibsecurity/32617", "content": "\u203c CVE-2021-37939 \u203c\n\nIt was discovered that Kibana\u2019s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. 
Using this vulnerability, a malicious user with the ability to create connectors, could utilize these connectors to view limited HTTP response data on hosts accessible to the cluster.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-15T21:05:51.000000Z"}, {"uuid": "b9cab64d-5f38-48d2-a00f-5e315a86abc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37931", "type": "seen", "source": "https://t.me/cibsecurity/30190", "content": "\u203c CVE-2021-37931 \u203c\n\nZoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-07T20:34:14.000000Z"}]}