CVE-2019-18873 - FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php.
12/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-18873

CVE-2019-18874 - psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
12/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-18874

CVE-2019-18881 - WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile.
12/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-18881

CVE-2019-18882 - WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled.
12/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-18882

CVE-2019-18836 - Envoy before 1.12.1 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used.
11/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-18836

CVE-2019-18841 - Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution.
11/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-18841

CVE-2019-18849 - In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.
11/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-18849

CVE-2019-18852 - Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00.
11/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-18852

CVE-2019-18853 - ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
11/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-18853

CVE-2019-18854 - A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '' substring.
11/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-18854

CVE-2019-18855 - A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes.
11/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-18855

CVE-2019-18856 - A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.
11/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-18856

CVE-2019-18857 - darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript :alert substring.
11/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-18857

CVE-2019-18862 - maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
11/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-18862

CVE-2009-0035 - alsa-utils 1.0.19 and later versions allow local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2009-0035

CVE-2009-2802 - MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2009-2802

CVE-2009-3552 - In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, tricking the user into thinking they are viewing the Red Hat Enterprise Virtualization Manager when the content is actually attacker-controlled, or modifying actions a user requested Red Hat Enterprise Virtualization Manager to perform.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2009-3552

CVE-2009-3614 - liboping 1.3.2 allows users to read arbitrary files on the local system.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2009-3614

CVE-2009-4011 - dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get bash access as the xenXX user on the dom0, and then access and potentially reuse an already opened VPS console.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2009-4011

CVE-2009-5004 - qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2009-5004

CVE-2018-1721 - IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2018-1721

CVE-2019-18840 - In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the domain name location index is mishandled. Because a pointer is overwritten, there is an invalid free.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-18840

CVE-2019-18845 - The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-18845

CVE-2019-4334 - IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-4334

CVE-2019-4411 - IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-4411

CVE-2019-4412 - IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162659.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-4412

CVE-2019-4450 - IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163492.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-4450

CVE-2019-4454 - IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163618.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-4454

CVE-2019-4470 - IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163779.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-4470

CVE-2019-4509 - IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components which could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 164430.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-4509

CVE-2019-4556 - IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 166205.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-4556

CVE-2019-4581 - IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 167239.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-4581

CVE-2019-4645 - IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170881.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-4645

CVE-2019-5689 - NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-5689

CVE-2019-5690 - NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the size of an input buffer is not validated, which may lead to denial of service or escalation of privileges.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-5690

CVE-2019-5691 - NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a NULL pointer is dereferenced, which may lead to denial of service or escalation of privileges.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-5691

CVE-2019-5692 - NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the product uses untrusted input when calculating or using an array index, which may lead to escalation of privileges or denial of service.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-5692

CVE-2019-5693 - NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) in which the program accesses or uses a pointer that has not been initialized, which may lead to denial of service.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-5693

CVE-2019-5694 - NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. The attacker requires local system access.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-5694

CVE-2019-5696 - NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which the provision of an incorrectly sized buffer by a guest VM leads to GPU out-of-bound access, which may lead to a denial of service.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-5696

CVE-2019-5697 - NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which it may grant a guest access to memory that it does not own, which may lead to information disclosure or denial of service.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-5697

CVE-2019-5698 - NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin, in which an input index value is incorrectly validated, which may lead to denial of service.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-5698

CVE-2019-5701 - NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-5701

CVE-2008-5083 - In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2008-5083

CVE-2008-7272 - FireGPG before 0.6 handles the user's passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk, which may result in the compromise of secure communication or a user's private key.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2008-7272

CVE-2008-7291 - gri before 2.12.18 generates temporary files in an insecure way.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2008-7291

CVE-2013-1820 - tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2013-1820

CVE-2013-1889 - mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2013-1889

CVE-2019-10219 - A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-10219

CVE-2019-10222 - A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-10222

CVE-2019-12408 - It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had an uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-12408

CVE-2019-12410 - While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365, it was discovered that Apache Arrow versions 0.12.0 to 0.14.1 left Array data in memory uninitialized when reading RLE null data from Parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory could potentially be shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-12410

CVE-2019-13531 - In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN, not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments can be bypassed, allowing for inauthentic instruments to connect to the generator.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-13531

CVE-2019-13535 - In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN, not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read access of the RFID security mechanism data.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-13535

CVE-2019-13539 - Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-13539

CVE-2019-13543 - Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-13543

CVE-2019-13557 - In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an information exposure vulnerability which may allow a remote attacker to access system and configuration information.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-13557

CVE-2019-14824 - A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-14824

CVE-2019-14860 - It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-14860

CVE-2019-15005 - The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center before 8.3.2, Crowd / Crowd Data Center before 3.6.0, Fisheye before 4.7.2, Crucible before 4.7.2, and Bamboo before 6.10.2.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-15005

CVE-2019-16205 - A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-16205

CVE-2019-16206 - The authentication mechanism in Brocade SANnav versions before v2.0 logs plaintext account credentials at the 'trace' and the 'debug' logging levels, which could allow a local authenticated attacker to access sensitive information.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-16206

CVE-2019-16208 - Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.).
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-16208

CVE-2019-17327 - JEUS 7 Fix#0~5 and JEUS 8 Fix#0~1 versions contain a directory traversal vulnerability caused by an improper input parameter check when uploading an installation file in the administration web page. This allows a remote attacker to execute arbitrary code via an uploaded file.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-17327

CVE-2019-17661 - A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-17661

CVE-2019-18623 - Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attacker to access data. If an unauthenticated user clicks on a link on the public dashboard, the resource opens in EnergyCAP with access rights matching the user who created the dashboard.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-18623

CVE-2019-18835 - Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-18835

CVE-2019-3425 - The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. An attacker could exploit this vulnerability to directly reset or change passwords of other accounts.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-3425

CVE-2019-3426 - The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. An attacker could exploit this vulnerability for unauthorized operations.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-3426

CVE-2019-3866 - An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-3866

CVE-2010-2250 - Drupal 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.
07/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2010-2250

CVE-2010-2447 - gitolite before 1.4.1 does not filter src/ or hooks/ from path names.
07/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2010-2447

CVE-2010-2450 - The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default.
07/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2010-2450

CVE-2010-2472 - Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission.
07/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2010-2472

CVE-2010-2473 - Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked.
07/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2010-2473

CVE-2010-2476 - syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot.
07/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2010-2476

CVE-2011-2336 - An issue exists in WebKit in Google Chrome before Blink M12 when clearing lists in AnimationControllerPrivate that signal when a hardware animation starts.
07/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2011-2336

CVE-2011-2337 - A wrong type is used for a return value from strlen in WebKit in Google Chrome before Blink M12 on 64-bit platforms.
07/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2011-2337

CVE-2011-2353 - Use after free vulnerability in documentloader in WebKit in Google Chrome before Blink M13 in DocumentWriter::replaceDocument function.
07/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2011-2353

CVE-2011-2807 - Incorrect handling of timer information in Timer.cpp in WebKit in Google Chrome before Blink M13.
07/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2011-2807

CVE-2012-0051 - Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval.
07/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2012-0051

CVE-2013-1425 - ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions.
07/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2013-1425

CVE-2013-1426 - Cross-site Scripting (XSS) in Mahara before 1.5.9 and 1.6.x before 1.6.4 allows remote attackers to inject arbitrary web script or HTML via the TinyMCE editor.
07/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2013-1426

CVE-2019-11996 - Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be remotely exploited by an attacker to gain elevated privileges or disclose information the array. Affected products and versions include: Nimble Storage Hybrid Flash Arrays - 5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, and 3.9.1.0 and older Nimble Storage All Flash Arrays - 5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, and 3.9.1.0 and older Nimble Storage Secondary Flash Arrays - 5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, and 3.9.1.0 and older
07/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-11996

CVE-2019-12331 - PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to UTF-8 if something other than UTF-8 is declared in the header. This was a security measure to prevent CVE-2018-19277, but the fix is not sufficient. By double-encoding the XML payload to UTF-7 it is possible to bypass the check for the string ?
07/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-12331

CVE-2019-15003 - The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via authorization bypass. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.
07/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-15003

CVE-2019-15004 - The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.
07/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-15004

CVE-2019-16873 - Portainer before 1.22.1 has XSS (issue 1 of 2).
07/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-16873

CVE-2019-16876 - Portainer before 1.22.1 allows Directory Traversal.
07/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-16876

CVE-2019-16878 - Portainer before 1.22.1 has XSS (issue 2 of 2).
07/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-16878

CVE-2019-17222 - An issue was discovered on Intelbras WRN 150 1.0.17 devices. There is stored XSS in the Service Name tab of the WAN configuration screen, leading to a denial of service (inability to change the configuration).
07/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-17222

CVE-2019-17604 - An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information (first name, last name, email, CV, phone number, and all other personal information) by changing the value of the candidate id (the id parameter).
07/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-17604

CVE-2019-17605 - A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account (by also exploiting CVE-2019-17604) via a modified candidate id and an additional password parameter. The outcome is that the password of this other candidate is changed.
07/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-17605

CVE-2019-3422 - Security researcher Shen Ying from the Sec Consult Security Lab reported an information disclosure vulnerability in MF910S product to ZTE PSIRT in October 2019. Through the analysis of related product team, the information disclosure vulnerability is confirmed. The MF910S product's one-click upgrade tool can obtain the Telnet remote login password in the reverse way. If Telnet is opened, the attacker can remotely log in to the device through the cracked password, resulting in information leakage. The MF910S was end of service on October 23, 2019, ZTE recommends users to choose new products for the purpose of better security.
07/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-3422

CVE-2019-3465 - Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message.
07/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-3465

CVE-2019-3764 - Dell EMC iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes.
07/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-3764

CVE-2019-6337 - For the printers listed a maliciously crafted print file might cause certain HP Inkjet printers to assert. Under certain circumstances, the printer produces a core dump to a local device.
07/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-6337

CVE-2006-0062 - xlockmore 5.13 allows potential xlock bypass when FVWM switches to the same virtual desktop as a new Gaim window.
06/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2006-0062

CVE-2006-3100 - termpkg 3.3 suffers from buffer overflow.
06/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2006-3100

CVE-2006-4243 - linux vserver 2.6 before 2.6.17 suffers from privilege escalation in remount code.
06/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2006-4243

Recently modified advisories

CVE-2007-5743 - viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2007-5743

CVE-2010-2449 - Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID.tmp), enabling attackers to overwrite an arbitrary file via a symlink attack.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2010-2449

CVE-2012-0049 - OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2012-0049

CVE-2013-1811 - An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2013-1811

CVE-2014-8181 - The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leak sensitive information to userspace.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2014-8181

CVE-2019-14847 - A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-14847

CVE-2019-16207 - Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-16207

CVE-2019-16209 - A vulnerability in the ReportsTrustManager class of Brocade SANnav versions before v2.0 could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer (SSL) connections.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-16209

CVE-2019-16210 - Brocade SANnav versions before v2.0 log the plain text database connection password while triggering support save.
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-16210

CVE-2019-18178 - Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The function FF_Close() is defined in ff_file.c. The file handler pxFile is freed by ffconfigFREE, which (by default) is a macro definition of vPortFree(), but it is reused to flush modified file content from the cache to disk by the function FF_FlushCache().
09/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2019-18178

CVE-2005-2354 - Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2005-2354

CVE-2005-4890 - There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2005-4890

CVE-2006-0061 - xlockmore 5.13 and 5.22 segfaults when using libpam-opensc and returns the underlying xsession. This allows unauthorized users access to the X session.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2006-0061

CVE-2007-0899 - There is a possible heap overflow in libclamav/fsg.c before 0.100.0.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2007-0899

CVE-2007-3732 - In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc calls a C function without ensuring that the segments are set properly. The kernel's %fs needs to be restored before the call in TRACE_IRQS_ON and before enabling interrupts, so that "current" references work. Without this, "current" used in the window between iret_exc and the middle of error_code where %fs is reset, would crash.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2007-3732

CVE-2007-3915 - Mondo 2.24 has insecure handling of temporary files.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2007-3915

CVE-2007-6745 - clamav 0.91.2 suffers from a floating point exception when using ScanOLE2.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2007-6745

CVE-2008-3278 - frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep, ...) shipped in the package. A local attacker can exploit this vulnerability by running arbitrary code as another user.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2008-3278

CVE-2009-5049 - WebApp JSP Snoop page XSS in jetty through 6.1.21.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2009-5049

CVE-2009-5050 - konversation before 1.2.3 allows attackers to cause a denial of service.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2009-5050

CVE-2010-2222 - The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2010-2222

CVE-2010-2243 - A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.33 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2010-2243

CVE-2010-2446 - Rbot Reaction plugin allows command execution
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2010-2446

CVE-2010-3670 - TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2010-3670

CVE-2010-3671 - TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2010-3671

CVE-2010-4178 - MySQL-GUI-tools (mysql-administrator) leaks passwords into the process list after launch of the mysql text console.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2010-4178

CVE-2011-1133 - Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2011-1133

CVE-2011-1134 - Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2011-1134

CVE-2011-1135 - Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2011-1135

CVE-2011-4626 - Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2011-4626

CVE-2011-4627 - TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2011-4627

CVE-2011-4628 - TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2011-4628

CVE-2011-4629 - Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2011-4629

CVE-2011-4630 - Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2011-4630

CVE-2011-4631 - Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2011-4631

CVE-2011-4632 - Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2011-4632

CVE-2011-4901 - TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2011-4901

CVE-2011-4902 - TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2011-4902

CVE-2011-4904 - TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2011-4904

CVE-2012-6123 - Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack."
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2012-6123

CVE-2013-1429 - Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2013-1429

CVE-2013-1666 - Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2013-1666

CVE-2013-1751 - TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2013-1751

CVE-2013-1771 - The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2013-1771

CVE-2013-1809 - Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2013-1809

CVE-2013-2012 - autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2013-2012

CVE-2013-4101 - Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2013-4101

CVE-2013-4251 - The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2013-4251

CVE-2013-4374 - An insecure temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2013-4374

CVE-2013-4409 - An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.
08/11/2019 | https://nvd.nist.gov/vuln/detail/CVE-2013-4409