CISA to Federal Agencies: Immediately Patch or ‘Disconnect’ Microsoft Exchange Servers

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database CVE-2021-21312
PUBLISHED: 2021-03-03

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before version 9.5.4, there is a vulnerability within the document upload function (Home > Management > Documents > Add, or /front/documen…

CVE-2021-21313
PUBLISHED: 2021-03-03

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before version 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at least two parameters _target and id are not proper…

CVE-2021-21314
PUBLISHED: 2021-03-03

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before version 9.5.4, there is an XSS vulnerability involving a logged-in user while updating a ticket.

CVE-2021-27931
PUBLISHED: 2021-03-03

LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.

CVE-2021-27935
PUBLISHED: 2021-03-03

An issue was discovered in AdGuard before 0.105.2. An attacker able to obtain the user's cookie can brute-force their password offline, because the hash of the password is stored in the cookie.