{"vulnerability": "CVE-2021-4459", "sightings": [{"uuid": "c0ab2597-cb39-467c-882e-153432850d88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44595", "type": "exploited", "source": "https://www.exploit-db.com/exploits/50912", "content": "", "creation_timestamp": "2022-05-11T00:00:00.000000Z"}, {"uuid": "f3b515d8-b8a7-473c-beae-8344444e57d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44597", "type": "seen", "source": "https://t.me/cibsecurity/38748", "content": "\u203c CVE-2021-44597 \u203c\n\nAn Access Control vunerabiity exists in Gerapy v 0.9.7 via the spider parameter in project_configure function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-11T00:13:11.000000Z"}, {"uuid": "c5b84cfb-68d7-4af7-b52e-3a7aa04aee62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4459", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:41.000000Z"}, {"uuid": "8d350a2d-ad29-4b96-a504-680a3236b9c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44593", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1373", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPublic disclosure of CVE-2021-44593.\nURL\uff1ahttps://github.com/Mister-Joe/CVE-2021-44593", "creation_timestamp": "2022-01-21T08:40:43.000000Z"}, {"uuid": "8ac217d0-ef4f-40a9-9232-4b05fc3cfa09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44595", "type": "seen", "source": "https://t.me/cibsecurity/41631", "content": "\u203c CVE-2021-44595 \u203c\n\nWondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-29T16:25:07.000000Z"}, {"uuid": "408b53f4-607c-4695-b4e9-514fcd1aeadb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44596", "type": "seen", "source": "https://t.me/cibsecurity/41630", "content": "\u203c CVE-2021-44596 \u203c\n\nWondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the \"InstallAssistService.exe\" service(the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-29T16:25:05.000000Z"}, {"uuid": "d858732f-a8f5-429e-852e-1f189eeaaccb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4459", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "a436891b-4125-4298-a09b-b4f0a7cefc92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4459", "type": "seen", "source": "https://infosec.exchange/users/certvde/statuses/115099698555374241", "content": "", "creation_timestamp": "2025-08-27T08:07:01.851727Z"}, {"uuid": "442c52a3-ddbf-42da-96dc-5773c1fa809d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44591", "type": "seen", "source": "https://t.me/cibsecurity/35046", "content": "\u203c CVE-2021-44591 \u203c\n\nIn libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser.c lacks a boundary check that would lead to denial-of-service attacks via a crafted SWF file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-06T16:41:11.000000Z"}, {"uuid": "0eee1277-99e5-4c3f-a71a-f17045274f8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44590", "type": "seen", "source": "https://t.me/cibsecurity/35038", "content": "\u203c CVE-2021-44590 \u203c\n\nIn libming 0.4.8, a memory exhaustion vulnerability exist in the function cws2fws in util/main.c. Remote attackers could launch denial of service attacks by submitting a crafted SWF file that exploits this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-06T16:40:59.000000Z"}, {"uuid": "d98e282a-08be-4018-aada-c782ac5495b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44599", "type": "seen", "source": "https://t.me/cibsecurity/34563", "content": "\u203c CVE-2021-44599 \u203c\n\nThe id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A crafted payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve sensitive information for all users of this system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-23T16:19:11.000000Z"}, {"uuid": "352c90ea-3550-4e11-8add-e7187392d6e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44593", "type": "seen", "source": "https://t.me/cibsecurity/36063", "content": "\u203c CVE-2021-44593 \u203c\n\nSimple College Website 1.0 is vulnerable to unauthenticated file upload & remote code execution via UNION-based SQL injection in the username parameter on /admin/login.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-21T22:14:25.000000Z"}]}