{"vulnerability": "CVE-2021-4037", "sightings": [{"uuid": "f917ff81-7921-45a5-87e2-8ab34490a5d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4037", "type": "seen", "source": "https://t.me/cibsecurity/48666", "content": "\u203c CVE-2021-4037 \u203c\n\nA vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-24T20:23:00.000000Z"}, {"uuid": "e18ecca0-e4a7-4b1d-b7d6-bdb87fed494a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40373", "type": "seen", "source": "https://t.me/cibsecurity/28672", "content": "\u203c CVE-2021-40373 \u203c\n\nplaySMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-10T18:31:04.000000Z"}, {"uuid": "3c9be619-566b-4f31-ab4c-fe97c2600ce7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40371", "type": "seen", "source": "https://t.me/cibsecurity/31105", "content": "\u203c CVE-2021-40371 \u203c\n\nGridpro Request 
Management for Windows Azure Pack before 2.0.7912 allows Directory Traversal for remote code execution, as demonstrated by ..\\\\ in a scriptName JSON value to ServiceManagerTenant/GetVisibilityMap.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-25T12:13:20.000000Z"}, {"uuid": "8bee184b-858c-4086-961e-cff671ebe8ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40379", "type": "seen", "source": "https://t.me/pwnwiki_zhchannel/842", "content": "\u7ad9\u5e6b\u4e3bCMS arbitrary file upload vulnerability\nTG holographic AI network operations platform multiple remote command execution vulnerabilities\n\u842c\u6236OA file upload vulnerability\nReporter reporting system arbitrary file read vulnerability\n\u7d05\u5e06OA hospital edition ioFileExport.aspx front-end arbitrary file read vulnerability\n\u4e2d\u9060\u9e92\u9e9f bastion host back-end getshell\n\u4f73\u767c inspection command system management center authorization bypass vulnerability\n\u4e2d\u9060\u9e92\u9e9f bastion host remote command execution vulnerability\n\u5927\u5510\u96fb\u4fe1 NVS3000 integrated video surveillance platform unauthorized access vulnerability\n\u6df1\u5733\u5e02\u591a\u9177\u79d1\u6280 WR1300 device back-end command execution vulnerability\nDolibarr ERP/CRM 14.0.1 privilege escalation vulnerability\nOpenSIS Community 8.0 - 'cp id miss attn' SQL injection vulnerability\nCVE-2021-40378 Compro Technology IP Camera - 'killps.cgi' denial-of-service vulnerability\nCVE-2021-40379 Compro Technology IP Camera - RTSP stream disclosure\nCVE-2021-40380 Compro Technology IP Camera - 'Multiple' credential disclosure vulnerability\nCVE-2021-40381 Compro Technology IP Camera - ' index MJpeg.cgi' Stream 
Disclosure \nCVE-2021-40382 Compro Technology IP Camera - ' mjpegStreamer.cgi' Screenshot Disclosure\nWPanel 4.3.1 remote code execution vulnerability\nWordPress Plugin Duplicate Page 4.4.1 XSS vulnerability\nRiskscanner list SQL injection vulnerability\n\u8607\u5dde\u79d1\u9054\u79d1\u6280\u80a1\u4efd\u6709\u9650\u516c\u53f8 network keyboard console arbitrary file read vulnerability\n\u81f4\u9060OA Fastjson deserialization vulnerability\n\u4e2d\u9060\u9e92\u9e9f bastion host front-end SQL injection vulnerability\n\u5927\u5510\u96fb\u4fe1 NVS3000 integrated video surveillance platform SQL injection vulnerability\nH5S video platform sensitive information disclosure vulnerability", "creation_timestamp": "2021-09-21T04:41:53.000000Z"}, {"uuid": "5ad1b10a-5bd4-4513-a3f3-91a67bfb768c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40378", "type": "seen", "source": "https://t.me/pwnwiki_zhchannel/842", "content": "\u7ad9\u5e6b\u4e3bCMS arbitrary file upload vulnerability\nTG holographic AI network operations platform multiple remote command execution vulnerabilities\n\u842c\u6236OA file upload vulnerability\nReporter reporting system arbitrary file read vulnerability\n\u7d05\u5e06OA hospital edition ioFileExport.aspx front-end arbitrary file read vulnerability\n\u4e2d\u9060\u9e92\u9e9f bastion host back-end getshell\n\u4f73\u767c inspection command system management center authorization bypass vulnerability\n\u4e2d\u9060\u9e92\u9e9f bastion host remote command execution vulnerability\n\u5927\u5510\u96fb\u4fe1 NVS3000 integrated video surveillance platform unauthorized access vulnerability\n\u6df1\u5733\u5e02\u591a\u9177\u79d1\u6280 WR1300 device 
back-end command execution vulnerability\nDolibarr ERP/CRM 14.0.1 privilege escalation vulnerability\nOpenSIS Community 8.0 - 'cp id miss attn' SQL injection vulnerability\nCVE-2021-40378 Compro Technology IP Camera - 'killps.cgi' denial-of-service vulnerability\nCVE-2021-40379 Compro Technology IP Camera - RTSP stream disclosure\nCVE-2021-40380 Compro Technology IP Camera - 'Multiple' credential disclosure vulnerability\nCVE-2021-40381 Compro Technology IP Camera - ' index MJpeg.cgi' Stream Disclosure \nCVE-2021-40382 Compro Technology IP Camera - ' mjpegStreamer.cgi' Screenshot Disclosure\nWPanel 4.3.1 remote code execution vulnerability\nWordPress Plugin Duplicate Page 4.4.1 XSS vulnerability\nRiskscanner list SQL injection vulnerability\n\u8607\u5dde\u79d1\u9054\u79d1\u6280\u80a1\u4efd\u6709\u9650\u516c\u53f8 network keyboard console arbitrary file read vulnerability\n\u81f4\u9060OA Fastjson deserialization vulnerability\n\u4e2d\u9060\u9e92\u9e9f bastion host front-end SQL injection vulnerability\n\u5927\u5510\u96fb\u4fe1 NVS3000 integrated video surveillance platform SQL injection vulnerability\nH5S video platform sensitive information disclosure vulnerability", "creation_timestamp": "2021-09-21T04:41:53.000000Z"}]}