Bulletin (SB19-301)

Vulnerability Summary for the Week of October 21, 2019

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
citrix -- application_delivery_controller_and_gateway
 
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name. 2019-10-21 7.5 CVE-2019-18225
MISC
facebook -- whatsapp_for_android
 
A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, as used in WhatsApp for Android before version 2.19.291 could allow remote attackers to execute arbitrary code or cause a denial of service. 2019-10-23 7.5 CVE-2019-11933
CONFIRM
file -- file
 
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). 2019-10-21 7.5 CVE-2019-18218
MISC
MISC
MLIST
DEBIAN
fusionpbx -- fusionpbx
 
app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit) to execute any commands on the host as www-data. 2019-10-21 9 CVE-2019-16964
MISC
MISC
fusionpbx -- fusionpbx
 
resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data. 2019-10-21 9 CVE-2019-16965
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system. 2019-10-21 8.5 CVE-2019-16985
MISC
MISC
ibm -- db2_high_performance_unload
 
IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 165481. 2019-10-22 7.2 CVE-2019-4523
XF
CONFIRM
libidn -- libidn2
 
idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string. 2019-10-21 7.5 CVE-2019-18224
MISC
MISC
MISC
linux -- linux_kernel
 
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753. 2019-10-18 7.2 CVE-2019-18198
MISC
MISC
MISC
MISC
UBUNTU
project_floodlight -- open_floodlight_sdn_controller_software
 
A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attacker with access to the OpenFlow control network to selectively disconnect individual switches from the SDN controller, causing degradation and eventually denial of network access to all devices connected to the targeted switch. 2019-10-23 7.8 CVE-2013-7333
MISC
slicer69 -- doas
 
An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext(3) call with flags to change the UID, primary GID, and secondary GIDs was replaced (on certain platforms: Linux and possibly NetBSD) with a single setuid(2) call. This resulted in neither changing the group id nor initializing secondary group ids. 2019-10-18 9 CVE-2019-15901
MISC
MISC
MISC
slicer69 -- doas
 
An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The result was that, instead of reporting that the supplied username or group name did not exist, it would execute the command as root. 2019-10-18 10 CVE-2019-15900
MISC
MISC
sonatype -- nexus_repository_manager
 
Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution. 2019-10-21 9 CVE-2019-16530
MISC
CONFIRM
sourcecodester -- online_grading_system
 
Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user page (id or classid parameter). 2019-10-23 7.5 CVE-2019-18344
MISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- experience_manager_forms
 
Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-10-22 4.3 CVE-2019-8089
CONFIRM
apache -- traffic_server
 
Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions. 2019-10-22 5 CVE-2019-10079
MISC
ether -- etherpad-lite
 
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer. 2019-10-19 4.3 CVE-2019-18209
MISC
freepbx -- freepbx
 
An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via GET request to /config.php?type=tool&display=manager. 2019-10-21 4.3 CVE-2019-16967
MISC
MISC
MISC
freepbx -- freepbx
 
An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\admin\modules\contactmanager\Contactmanager.class.php), an unsanitized group variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. It can be requested via a GET request to /admin/ajax.php?module=contactmanager. 2019-10-21 4.3 CVE-2019-16966
MISC
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to v4.5.7, the file app\access_controls\access_control_nodes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. 2019-10-21 4.3 CVE-2019-16982
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS. 2019-10-21 4.3 CVE-2019-16991
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to v4.5.7, the file app\conferences_active\conference_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS. 2019-10-21 4.3 CVE-2019-16989
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to v4.5.7, the file app\basic_operator_panel\resources\content.php uses an unsanitized "eavesdrop_dest" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS. 2019-10-21 4.3 CVE-2019-16988
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to v4.5.7, the file app\contacts\contact_import.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. 2019-10-21 4.3 CVE-2019-16987
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to v4.5.7, the file app\recordings\recording_play.php uses an unsanitized "filename" variable coming from the URL, which is base64 decoded and reflected in HTML, leading to XSS. 2019-10-21 4.3 CVE-2019-16984
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function (called by several pages of the interface), which uses an unsanitized "param" variable constructed partially from the URL args and reflected in HTML, leading to XSS. 2019-10-21 4.3 CVE-2019-16983
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname (base64 encoded) and allows a download of it. 2019-10-21 4 CVE-2019-16990
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to v4.5.7, the file app\conference_profiles\conference_profile_params.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. 2019-10-21 4.3 CVE-2019-16981
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. 2019-10-22 4.3 CVE-2019-16973
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to v4.5.7, the file app\devices\device_settings.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. 2019-10-21 4.3 CVE-2019-16978
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. 2019-10-23 4.3 CVE-2019-16975
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. 2019-10-21 4.3 CVE-2019-16974
MISC
MISC
fusionpbx -- fusionpbx
 
An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. 2019-10-21 4.3 CVE-2019-16968
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS. 2019-10-21 4.3 CVE-2019-16969
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS. 2019-10-21 4.3 CVE-2019-16970
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS. 2019-10-22 4.3 CVE-2019-16971
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to v4.5.7, the file app\contacts\contact_urls.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. 2019-10-21 4.3 CVE-2019-16979
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. 2019-10-22 4.3 CVE-2019-16972
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_edit.php uses an unsanitized "id" variable coming from the URL in an unparameterized SQL query, leading to SQL injection. 2019-10-21 6.5 CVE-2019-16980
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. (resources\secure_download.php is also affected.) 2019-10-21 4 CVE-2019-16986
MISC
MISC
MISC
gnome -- libxslt
 
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. 2019-10-18 6.8 CVE-2019-18197
MISC
MISC
MISC
MISC
MLIST
UBUNTU
haproxy -- haproxy
 
A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct an HTTP request smuggling attack against a vulnerable component employing a lenient parser that would ignore the content-length header as soon as it saw a transfer-encoding one (even if not entirely valid according to the specification). 2019-10-23 4.3 CVE-2019-18277
MISC
MISC
MISC
horner_automation -- cscape
 
In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. This may allow an attacker to access information and remotely execute arbitrary code. 2019-10-18 6.8 CVE-2019-13541
MISC
MISC
horner_automation -- cscape
 
In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area, which may allow arbitrary code execution. 2019-10-18 6.8 CVE-2019-13545
MISC
MISC
jenkins -- jenkins
 
Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. 2019-10-23 4 CVE-2019-10467
MLIST
CONFIRM
jenkins -- jenkins
 
An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks. 2019-10-23 5.5 CVE-2019-10466
MLIST
CONFIRM
jenkins -- jenkins
 
A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2019-10-23 6.8 CVE-2019-10471
MLIST
CONFIRM
jenkins -- jenkins
 
A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin. 2019-10-23 4.3 CVE-2019-10475
MLIST
CONFIRM
jenkins -- jenkins
 
A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2019-10-23 6.8 CVE-2019-10468
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. 2019-10-23 4 CVE-2019-10459
MLIST
CONFIRM
jenkins -- jenkins
 
A missing permission check in Jenkins Dynatrace Application Monitoring Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. 2019-10-23 4 CVE-2019-10463
MLIST
CONFIRM
jenkins -- jenkins
 
A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system. 2019-10-23 4 CVE-2019-10465
MLIST
CONFIRM
jenkins -- jenkins
 
A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2019-10-23 4 CVE-2019-10469
MLIST
CONFIRM
jenkins -- jenkins
 
A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. 2019-10-23 4 CVE-2019-10470
MLIST
CONFIRM
jenkins -- jenkins
 
A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2019-10-23 4 CVE-2019-10472
MLIST
CONFIRM
jenkins -- jenkins
 
A missing permission check in Jenkins Libvirt Slaves Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. 2019-10-23 4 CVE-2019-10473
MLIST
CONFIRM
jenkins -- jenkins
 
A missing permission check in Jenkins Global Post Script Plugin allowed users with Overall/Read access to list the scripts available to the plugin stored on the Jenkins master file system. 2019-10-23 4 CVE-2019-10474
MLIST
CONFIRM
jenkins -- jenkins
 
A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system. 2019-10-23 6.8 CVE-2019-10464
MLIST
CONFIRM
jenkins -- jenkins
 
A cross-site request forgery vulnerability in Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials. 2019-10-23 6.8 CVE-2019-10462
MLIST
CONFIRM
libssh2_project -- libssh2
 
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. 2019-10-21 5.8 CVE-2019-17498
MISC
MISC
MISC
MISC
micro_focus -- self_service_password_reset
 
Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. The vulnerability could exploit invalid certificate validation and may result in a man-in-the-middle attack. 2019-10-22 4.3 CVE-2019-11674
MISC
mooltipass -- moolticute
 
Stephan Mooltipass Moolticute through 0.42.1 (and possibly earlier versions) has Incorrect Access Control. 2019-10-22 4.3 CVE-2019-12967
MISC
MISC
openemr_foundation -- openemr
 
Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter. 2019-10-21 6.5 CVE-2019-16404
MISC
openemr_foundation -- openemr
 
Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter. 2019-10-21 4.3 CVE-2019-16862
MISC
MISC
openemr_foundation -- openemr
 
Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 via the id parameter. 2019-10-21 4.3 CVE-2019-17409
MISC
MISC
openwrt_project -- openwrt
 
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/. 2019-10-18 6.8 CVE-2019-17367
CONFIRM
proftpd_project -- proftpd
 
ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop. 2019-10-21 5 CVE-2019-18217
MISC
MISC
MISC
MISC
MISC
MLIST
FEDORA
FEDORA
qt -- qtbase
 
An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters. 2019-10-23 5 CVE-2019-18281
MISC
MISC
MISC
ratpack -- ratpack
 
An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur. 2019-10-18 5 CVE-2019-17513
MISC
MISC
CONFIRM
CONFIRM
MISC
ricoh -- mp_501_printer
 
On the RICOH MP 501 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn and KeyDisplay parameter to /web/entry/en/address/adrsSetUserWizard.cgi. 2019-10-21 4.3 CVE-2019-18203
MISC
rocket.chat -- rocket.chat
 
Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line. 2019-10-21 4.3 CVE-2019-17220
MISC
MISC
MISC
MISC
sitemagic_cms -- sitemagic_cms
 
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemagic users into performing unwarranted actions. 2019-10-23 6.8 CVE-2019-18220
MISC
MISC
sitemagic_cms -- sitemagic_cms
 
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulnerability, as it fails to validate user input. The affected components (index.php, upgrade.php) allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter. 2019-10-23 4.3 CVE-2019-18219
MISC
MISC
sourcecodester -- online_grading_system
 
Sourcecodester Online Grading System 1.0 is affected by a Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code via a crafted HTML page, as demonstrated by a Create User action at the admin/modules/user/controller.php?action=add URI. 2019-10-23 6.8 CVE-2019-18280
MISC
tomedo -- tomedo_server
 
The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and password. 2019-10-18 5 CVE-2019-17393
MISC
FULLDISC
trend_micro -- anti-threat_toolkit
 
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed. 2019-10-21 5.1 CVE-2019-9491
MISC
FULLDISC
BUGTRAQ
MISC
uncoconv -- uncoconv
 
The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion. 2019-10-21 5 CVE-2019-17400
MISC
MISC
verodin -- director
 
An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated security technologies via a /integrations.json JSON REST API request. 2019-10-21 4 CVE-2019-10716
MISC
MISC
MISC
video_converter_app_for_nextcloud -- video_converter_app_for_nextcloud
 
The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.) 2019-10-19 6.8 CVE-2019-18214
MISC
videolan -- vlc_media_player
 
When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. 2019-10-23 4.6 CVE-2019-18278
MISC
vmware -- harbor_container_registery_for_pcf
 
Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account. 2019-10-18 5 CVE-2019-16919
CONFIRM
MISC
MISC
wago -- pfc100_and_pfc200_series_devices
 
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests. 2019-10-19 5 CVE-2019-18202
MISC
wordpress -- wordpress
 
The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php. 2019-10-22 6.8 CVE-2015-9497
MISC
MISC
wordpress -- wordpress
 
The Auberge theme before 1.4.5 for WordPress has XSS via the genericons/example.html anchor identifier. 2019-10-23 4.3 CVE-2015-9502
MISC
wordpress -- wordpress
 
The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring. 2019-10-22 6.5 CVE-2015-9496
MISC
EXPLOIT-DB
wordpress -- wordpress
 
The my-wish-list plugin before 1.4.2 for WordPress has multiple XSS issues. 2019-10-22 4.3 CVE-2015-9493
CONFIRM
MISC
wordpress -- wordpress
 
The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS via the genericons/example.html anchor identifier. 2019-10-22 4.3 CVE-2015-9494
MISC
wordpress -- wordpress
 
The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value. 2019-10-22 6.8 CVE-2015-9498
CONFIRM
MISC
wordpress -- wordpress
 
The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier. 2019-10-22 4.3 CVE-2015-9495
CONFIRM
MISC
wordpress -- wordpress
 
The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js. 2019-10-22 4.3 CVE-2015-9500
MISC
wordpress -- wordpress
 
The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root. 2019-10-22 4.3 CVE-2015-9501
CONFIRM
MISC
wordpress -- wordpress
 
The Modern theme before 1.4.2 for WordPress has XSS via the genericons/example.html anchor identifier. 2019-10-23 4.3 CVE-2015-9503
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Wish Lists extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 4.3 CVE-2015-9531
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Shoppette theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 4.3 CVE-2015-9535
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Twenty-Twelve theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 4.3 CVE-2015-9536
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Content Restriction extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 4.3 CVE-2015-9509
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) core component 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7 for WordPress has XSS because add_query_arg is misused. 2019-10-23 4.3 CVE-2015-9505
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Attach Accounts to Orders extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 4.3 CVE-2015-9507
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Commissions extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 4.3 CVE-2015-9508
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) CSV Manager extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 4.3 CVE-2015-9512
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 4.3 CVE-2015-9510
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Conditional Success Redirects extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 4.3 CVE-2015-9511
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Favorites extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 4.3 CVE-2015-9513
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Free Downloads extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 4.3 CVE-2015-9514
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) htaccess Editor extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 4.3 CVE-2015-9515
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Recurring Payments extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 4.3 CVE-2015-9525
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Reviews extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 4.3 CVE-2015-9526
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Simple Shipping extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 4.3 CVE-2015-9527
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Software Licensing extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 4.3 CVE-2015-9528
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Stripe extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 4.3 CVE-2015-9529
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Digital Store theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 4.3 CVE-2015-9532
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Lattice theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 4.3 CVE-2015-9533
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Quota theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 4.3 CVE-2015-9534
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Upload File extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 4.3 CVE-2015-9530
MISC

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
fritz -- fritz!os
 
Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via unspecified vectors. 2019-10-22 2.1 CVE-2017-8087
MISC
MISC
FULLDISC
jenkins -- jenkins
 
Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system. 2019-10-23 2.1 CVE-2019-10460
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. 2019-10-23 2.1 CVE-2019-10461
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. 2019-10-23 2.1 CVE-2019-10476
MLIST
CONFIRM
loofah_gem_for_ruby_on_rails -- loofah_gem_for_ruby_on_rails
 
In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. 2019-10-22 3.5 CVE-2019-15587
CONFIRM
MISC
totemodata -- totemodata
 
totemodata 3.0.0_b936 has XSS via a folder name. 2019-10-22 3.5 CVE-2019-17189
MISC
MISC
MISC
verodin -- director
 
There is Stored XSS in Verodin Director 3.5.3.0 and earlier via input fields of certain tooltips, and on the Tags, Sequences, and Actors pages. 2019-10-21 3.5 CVE-2019-10715
MISC
MISC
wordpress -- wordpress
 
A reflected XSS vulnerability was found in includes/admin/table-printer.php in the broken-link-checker (aka Broken Link Checker) plugin 1.11.8 for WordPress. This allows unauthorized users to inject client-side JavaScript into an admin-only WordPress page via the wp-admin/tools.php?page=view-broken-links s_filter parameter in a search action. 2019-10-18 3.5 CVE-2019-17207
MISC
FULLDISC
MISC
MISC

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
3s-smart_software_solutions -- codesys_eni_server 3S-Smart CODESYS V2.3 ENI server V3.2.2.23 has a Buffer Overflow. 2019-10-25 not yet calculated CVE-2019-16265
CONFIRM
MISC
adobe -- creative_cloud_desktop_application
 
Creative Cloud Desktop Application version 4.6.1 and earlier versions have Security Bypass vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user. 2019-10-23 not yet calculated CVE-2019-8236
MISC
adobe -- acrobat_and_reader
 
Adobe Acrobat and Reader versions 2019.010.20100 and earlier; 2019.010.20099 and earlier versions; 2017.011.30140 and earlier version; 2017.011.30138 and earlier version; 2015.006.30495 and earlier versions; 2015.006.30493 and earlier versions have a Path Traversal vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. 2019-10-23 not yet calculated CVE-2019-8238
MISC
adobe -- acrobat_and_reader
 
Adobe Acrobat and Reader versions 2019.012.20034 and earlier; 2019.012.20035 and earlier versions; 2017.011.30142 and earlier versions; 2017.011.30143 and earlier versions; 2015.006.30497 and earlier versions; 2015.006.30498 and earlier versions have an Insufficiently Robust Encryption vulnerability. Successful exploitation could lead to Security feature bypass in the context of the current user. 2019-10-23 not yet calculated CVE-2019-8237
MISC
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-10-25 not yet calculated CVE-2019-8088
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site request forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-10-25 not yet calculated CVE-2019-8234
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-10-25 not yet calculated CVE-2019-8087
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-10-25 not yet calculated CVE-2019-8084
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-10-25 not yet calculated CVE-2019-8085
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-10-25 not yet calculated CVE-2019-8082
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5, 6.4 and 6.3 have a cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-10-25 not yet calculated CVE-2019-8083
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an authentication bypass vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-10-25 not yet calculated CVE-2019-8081
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-10-24 not yet calculated CVE-2019-8078
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-10-24 not yet calculated CVE-2019-8079
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-10-25 not yet calculated CVE-2019-8086
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.4 and 6.3 have a stored cross site scripting vulnerability. Successful exploitation could lead to privilege escalation. 2019-10-24 not yet calculated CVE-2019-8080
CONFIRM
ant_design -- ant_design_pro In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET parameter affects the authorization component, leading to execution of JavaScript code in the login after-action script. 2019-10-23 not yet calculated CVE-2019-18350
MISC
apache -- poi In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing. 2019-10-23 not yet calculated CVE-2019-12415
MISC
avast -- antivirus An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a protected-light process (PPL) and might bypass some of the self-defense mechanisms. This affects all components that use WMI, e.g., AVGSvc.exe 19.6.4546.0 and TuneupSmartScan.dll 19.1.884.0. 2019-10-23 not yet calculated CVE-2019-17093
MISC
MISC
avstar -- pe204_ip_camera_devices An issue was discovered on AVStar PE204 3.10.70 IP camera devices. A denial of service can occur on open TCP port 23456. After a TELNET connection, no TCP ports are open. 2019-10-23 not yet calculated CVE-2019-18382
MISC
clonos -- web_control_panel A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. 2019-10-24 not yet calculated CVE-2019-18419
MISC
clonos -- web_control_panel clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management. 2019-10-24 not yet calculated CVE-2019-18418
MISC
cloud_foundry -- smb_volume Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume. 2019-10-23 not yet calculated CVE-2019-11283
CONFIRM
cloud_foundry -- uaa Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA. 2019-10-23 not yet calculated CVE-2019-11282
CONFIRM
corehr -- core_portal CoreHR Core Portal before 27.0.7 allows stored XSS. 2019-10-25 not yet calculated CVE-2019-18221
MISC
MISC
craft_cms -- craft_cms In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them. 2019-10-24 not yet calculated CVE-2019-15929
MISC
d-link -- dir-865l_wireless_routers D-Link DIR-865L has Information Disclosure. 2019-10-25 not yet calculated CVE-2013-4856
MISC
MISC
MISC
d-link -- dir-865l_wireless_routers D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share. 2019-10-25 not yet calculated CVE-2013-4855
MISC
MISC
MISC
d-link -- dir-865l_wireless_routers D-Link DIR-865L has PHP File Inclusion in the router xml file. 2019-10-25 not yet calculated CVE-2013-4857
MISC
MISC
darktrace -- enterprise_immune_system

 
Darktrace Enterprise Immune System before 3.1 allows CSRF via the /config endpoint. 2019-10-23 not yet calculated CVE-2019-9597
MISC
MISC
BUGTRAQ
MISC
darktrace -- enterprise_immune_system
 
Darktrace Enterprise Immune System before 3.1 allows CSRF via the /whitelisteddomains endpoint. 2019-10-23 not yet calculated CVE-2019-9596
MISC
MISC
BUGTRAQ
MISC
forcepoint -- one_endpoint
 
This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection. 2019-10-23 not yet calculated CVE-2019-6144
MISC
fortinet -- forticlient_for_windows
 
A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged attacker to perform arbitrary code execution via forging that DLL. 2019-10-24 not yet calculated CVE-2019-6692
MISC
fortinet -- fortios An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1 and below, on devices that do not enable the hardware TRNG token and models that do not support a built-in TRNG seed, allows an attacker to theoretically recover the long-term ECDSA secret in a TLS client with an RSA handshake and mutual ECDSA authentication with the help of flush+reload side-channel attacks, in FortiGate VM models only. 2019-10-24 not yet calculated CVE-2019-15703
MISC
foxit_software -- phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9276. 2019-10-25 not yet calculated CVE-2019-17145
MISC
foxit_software -- phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Javascript in the HTML2PDF plugin. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8692. 2019-10-25 not yet calculated CVE-2019-17139
MISC
MISC
foxit_software -- phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of script within a Keystroke action of a listbox field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9081. 2019-10-25 not yet calculated CVE-2019-17142
MISC
MISC
foxit_software -- phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of script within a Calculate action of a text field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9044. 2019-10-25 not yet calculated CVE-2019-17141
MISC
MISC
foxit_software -- phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the OnFocus event. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9091. 2019-10-25 not yet calculated CVE-2019-17140
MISC
MISC
foxit_software -- phantompdf This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9273. 2019-10-25 not yet calculated CVE-2019-17143
MISC
foxit_software -- phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DWG files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9274. 2019-10-25 not yet calculated CVE-2019-17144
MISC
foxit_software -- photo_studio This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion from JPEG to EPS. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8809. 2019-10-25 not yet calculated CVE-2019-17138
MISC
MISC
fujitsu -- wireless_keyboard_set_lx390_gk381_devices An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, an attacker is able to eavesdrop on sensitive data such as passwords. 2019-10-24 not yet calculated CVE-2019-18201
MISC
MISC
MISC
fujitsu -- wireless_keyboard_set_lx390_gk381_devices An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, they are prone to keystroke injection attacks. 2019-10-24 not yet calculated CVE-2019-18200
MISC
MISC
MISC
fujitsu -- wireless_keyboard_set_lx390_gk381_devices An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks. 2019-10-24 not yet calculated CVE-2019-18199
MISC
MISC
MISC
fusionpbx -- fusionpbx In FusionPBX up to 4.5.7, the file app\destinations\destination_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. 2019-10-23 not yet calculated CVE-2019-16976
MISC
MISC
fusionpbx -- fusionpbx In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. 2019-10-23 not yet calculated CVE-2019-16977
MISC
MISC
gnu_project -- gcc Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts. 2019-10-23 not yet calculated CVE-2002-2439
MISC
MISC
CONFIRM
MISC
golang -- go Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates. 2019-10-24 not yet calculated CVE-2019-17596
CONFIRM
CONFIRM
DEBIAN
google -- chrome browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy. 2019-10-25 not yet calculated CVE-2016-5202
MISC
MISC
MISC
MISC
MISC
honeywell -- ip-ak2_access_control_panel In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network. 2019-10-25 not yet calculated CVE-2019-13525
MISC
horde -- groupware_webmail_edition Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI, related to the Tag Cloud feature. 2019-10-24 not yet calculated CVE-2019-12094
MISC
MISC
MISC
MISC
MISC
MISC
horde -- groupware_webmail_edition Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. 2019-10-24 not yet calculated CVE-2019-12095
MISC
MISC
MISC
MISC
MISC
MISC
MISC
ibm -- cloud_orchestrator
 
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232. 2019-10-25 not yet calculated CVE-2019-4394
XF
CONFIRM
ibm -- cloud_orchestrator
 
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. IBM X-Force ID: 162333. 2019-10-25 not yet calculated CVE-2019-4395
XF
CONFIRM
ibm -- cloud_orchestrator
 
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 162260. 2019-10-25 not yet calculated CVE-2019-4399
XF
CONFIRM
ibm -- cloud_orchestrator
 
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162261. 2019-10-25 not yet calculated CVE-2019-4400
XF
CONFIRM
ibm -- cloud_orchestrator
 
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 162236. 2019-10-25 not yet calculated CVE-2019-4396
XF
CONFIRM
ibm -- cloud_orchestrator
 
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting and possibly obtain sensitive information. IBM X-Force ID: 163682. 2019-10-25 not yet calculated CVE-2019-4461
XF
CONFIRM
ibm -- cloud_orchestrator_and_cloud_orchestrator_enterprise

 
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. IBM X-Force ID: 162259. 2019-10-24 not yet calculated CVE-2019-4398
XF
CONFIRM
ibm -- cloud_orchestrator_and_cloud_orchestrator_enterprise
 
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162239 2019-10-24 not yet calculated CVE-2019-4397
XF
CONFIRM
ibm -- cloud_orchestrator_and_cloud_orchestrator_enterprise
 
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163656. 2019-10-24 not yet calculated CVE-2019-4459
XF
CONFIRM
ibm -- maximo_asset_management
 
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070. 2019-10-24 not yet calculated CVE-2019-4486
XF
CONFIRM
ibm -- security_access_manager_appliance
 
IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159. 2019-10-25 not yet calculated CVE-2019-4036
XF
CONFIRM
ignite_realtime -- openfire PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability. 2019-10-24 not yet calculated CVE-2019-18393
MISC
ignite_realtime -- openfire A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests. 2019-10-24 not yet calculated CVE-2019-18394
MISC
labf -- nfsaxe_ftp_client Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to execute code remotely. 2019-10-25 not yet calculated CVE-2017-14742
EXPLOIT-DB
libarchive -- libarchive archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. 2019-10-24 not yet calculated CVE-2019-18408
MISC
MISC
MISC
MLIST
libidn -- libidn2 GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated. 2019-10-22 not yet calculated CVE-2019-12290
MISC
CONFIRM
MISC
linksys -- ea6500_wireless_routers Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share. 2019-10-25 not yet calculated CVE-2013-4658
MISC
MISC
MISC
mapr -- cldb A remote code execution vulnerability exists in MapR CLDB code, specifically in the JSON framework that is used in the CLDB code that handles login and ticket issuance. An attacker can use the 'class' property of the JSON request sent to the CLDB to influence the JSON library's decision on which Java class this JSON request is deserialized to. By doing so, the attacker can force the MapR CLDB to construct a URLClassLoader which loads a malicious Java class from a remote path and instantiate this object in the MapR CLDB, thus executing arbitrary code on the machine running the MapR CLDB and taking over the cluster. By switching to the newer Jackson library and ensuring that all incoming JSON requests are only deserialized to the same class that they were serialized from, the vulnerability is fixed. This vulnerability affects the entire MapR core platform. 2019-10-24 not yet calculated CVE-2019-12017
MISC
milesight -- ip_security_cameras Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password. 2019-10-25 not yet calculated CVE-2016-2356
MISC
MISC
MISC
milesight -- ip_security_cameras Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource. 2019-10-25 not yet calculated CVE-2016-2359
MISC
MISC
MISC
milesight -- ip_security_cameras Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts. 2019-10-25 not yet calculated CVE-2016-2358
MISC
MISC
MISC
milesight -- ip_security_cameras Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory. 2019-10-25 not yet calculated CVE-2016-2357
MISC
MISC
MISC
milesight -- ip_security_cameras Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations. 2019-10-25 not yet calculated CVE-2016-2360
MISC
MISC
MISC
mp3gain_project -- mp3gain A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3Gain 1.6.2. The vulnerability causes an application crash, which leads to remote denial of service. 2019-10-23 not yet calculated CVE-2019-18359
MISC
netapp -- clustered_data_ontap Clustered Data ONTAP versions 9.2 through 9.6 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS). 2019-10-25 not yet calculated CVE-2019-5508
MISC
nipper-ng -- nipper-ng A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows remote attackers (serving firewall configuration files) to achieve Remote Code Execution or Denial Of Service via a crafted file. 2019-10-22 not yet calculated CVE-2019-17424
MISC
MISC
MISC
MISC
node.js -- node.js The Post editor functionality in the hexo-admin plugin versions 2.3.0 and earlier for Node.js is vulnerable to stored XSS via the content of a post. 2019-10-23 not yet calculated CVE-2019-17606
MISC
MISC
MISC
CONFIRM
philips -- intellispace_perinatal In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the containment of the application and access unauthorized resources from the Windows operating system as the limited-access Windows user. Due to potential Windows vulnerabilities, it may be possible for additional attack methods to be used to escalate privileges on the operating system. 2019-10-25 not yet calculated CVE-2019-13546
MISC

project_floodlight -- open_floodlight_sdn_controller_software A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed FEATURES_REPLY messages cause the controller service to not delete switch and port data from its internal tracking structures. 2019-10-23 not yet calculated CVE-2014-2304
MISC
python -- python An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.) 2019-10-23 not yet calculated CVE-2019-18348
MISC
MISC
repetier-server -- repetier-server RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart. 2019-10-25 not yet calculated CVE-2019-14451
CONFIRM
MISC
rittal -- rittal_chiller_sk_3232-series Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 - B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary operations of the affected systems, namely turning the cooling unit on and off and setting the temperature set point. 2019-10-25 not yet calculated CVE-2019-13553
MISC
rittal -- rittal_chiller_sk_3232-series Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 - B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning the cooling unit on and off and setting the temperature set point, can be modified without authentication. 2019-10-25 not yet calculated CVE-2019-13549
MISC
ruby_parser-legacy_gem_for_ruby_on_rails -- ruby_parser-legacy_gem_for_ruby_on_rails The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem (which has a legacy dependency) 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser.rb file. 2019-10-24 not yet calculated CVE-2019-18409
MISC
sangoma -- session_border_controller The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username field. Upon successful exploitation, a remote unauthenticated user can log in to the device's admin web portal without providing any credentials. This affects /var/webconfig/gui/Webconfig.inc.php. 2019-10-22 not yet calculated CVE-2019-12148
MISC
FULLDISC
sangoma -- session_border_controller The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Upon successful exploitation, a remote unauthenticated user can create a local system user with sudo privileges, and use that user to log in to the system (either via the web interface or via SSH) to achieve complete compromise of the device. This affects /var/webconfig/gui/Webconfig.inc.php and /usr/local/sng/bin/sng-user-mgmt. 2019-10-22 not yet calculated CVE-2019-12147
MISC
FULLDISC
MISC
schlix -- schlix_cms admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution. 2019-10-24 not yet calculated CVE-2019-11021
MISC
MISC
sourcecodester -- restaurant_management_system Sourcecodester Restaurant Management System 1.0 allows XSS via the "send a message" screen. 2019-10-24 not yet calculated CVE-2019-18415
MISC
sourcecodester -- restaurant_management_system Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files. 2019-10-24 not yet calculated CVE-2019-18417
MISC
sourcecodester -- restaurant_management_system Sourcecodester Restaurant Management System 1.0 allows XSS via the Last Name field of a member. 2019-10-24 not yet calculated CVE-2019-18416
MISC
sourcecodester -- restaurant_management_system Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code or adding a staff entry via a crafted HTML page. 2019-10-24 not yet calculated CVE-2019-18414
MISC
sourcecodester -- hotel_and_lodge_management_system Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details. 2019-10-23 not yet calculated CVE-2019-18387
MISC
symantec -- symantec_messaging_gateway Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. 2019-10-24 not yet calculated CVE-2019-9699
CONFIRM
teamviewer -- teamviewer A DLL side loading vulnerability in the Windows Service in TeamViewer versions up to 11.0.133222 (fixed in 11.0.214397), 12.0.181268 (fixed in 12.0.214399), 13.2.36215 (fixed in 13.2.36216), and 14.6.4835 (fixed in 14.7.1965) on Windows could allow an attacker to perform code execution on a target system via a service restart where the DLL was previously installed with administrative privileges. Exploitation requires that an attacker be able to create a new file in the TeamViewer application directory; directory permissions restrict that by default. 2019-10-24 not yet calculated CVE-2019-18196
CONFIRM
tenable -- nessus Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types. An authenticated, remote attacker could potentially exploit this vulnerability to cause a Nessus scanner to become temporarily unresponsive. 2019-10-23 not yet calculated CVE-2019-3982
MISC
terramaster -- fs-210_devices An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring. 2019-10-23 not yet calculated CVE-2019-18385
MISC
terramaster -- fs-210_devices An issue was discovered on TerraMaster FS-210 4.0.19 devices. One can download backup files remotely from terramaster_TNAS-00E43A_config_backup.bin without permission. 2019-10-23 not yet calculated CVE-2019-18383
MISC
terramaster -- fs-210_devices An issue was discovered on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauthorized shared files, as demonstrated by the filename=*public*%25252Fadmin_OnlyRead.txt substring. 2019-10-23 not yet calculated CVE-2019-18384
MISC
thycotic -- secret_server An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2). 2019-10-23 not yet calculated CVE-2019-18356
MISC
thycotic -- secret_server An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7. 2019-10-23 not yet calculated CVE-2019-18355
MISC
thycotic -- secret_server An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2). 2019-10-23 not yet calculated CVE-2019-18357
MISC
tonyy -- dormsystem tonyy dormsystem through 1.3 allows DOM XSS. 2019-10-24 not yet calculated CVE-2019-17581
MISC
MISC
tp-link -- m7350_devices TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow triggerPort OS Command Injection (issue 5 of 5). 2019-10-24 not yet calculated CVE-2019-13653
MISC
tp-link -- m7350_devices TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serviceName OS Command Injection (issue 4 of 5). 2019-10-24 not yet calculated CVE-2019-13652
MISC
tp-link -- m7350_devices TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow internalPort OS Command Injection (issue 2 of 5). 2019-10-24 not yet calculated CVE-2019-13650
MISC
tp-link -- m7350_devices TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow externalPort OS Command Injection (issue 1 of 5). 2019-10-24 not yet calculated CVE-2019-13649
MISC
tp-link -- m7350_devices TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow portMappingProtocol OS Command Injection (issue 3 of 5). 2019-10-24 not yet calculated CVE-2019-13651
MISC
MISC
tp-link -- tl-wdr4300_wireless_routers TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities. 2019-10-25 not yet calculated CVE-2013-4848
MISC
MISC
MISC
MISC
MISC
typestack -- class-validator In TypeStack class-validator 0.10.2, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not documented and thus most developers configure input validation in the vulnerable default manner. With this vulnerability, attackers can launch SQL Injection or XSS attacks by injecting arbitrary malicious input. NOTE: a software maintainer agrees with the "is not documented" finding but suggests that much of the responsibility for the risk lies in a different product. 2019-10-24 not yet calculated CVE-2019-18413
MISC
wacom -- update_helper_driver An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the start/stopLaunchDProcess command. The command takes a user-supplied string argument and executes launchctl under root context. A user with local access can use this vulnerability to load arbitrary launchD agents. An attacker would need local access to the machine for a successful exploit. 2019-10-24 not yet calculated CVE-2019-5013
MISC
wacom -- update_helper_driver An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the startProcess command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a successful exploit. 2019-10-24 not yet calculated CVE-2019-5012
MISC
wordpress -- wordpress The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive. 2019-10-22 not yet calculated CVE-2015-9499
MISC
MISC
EXPLOIT-DB
wordpress -- wordpress The Easy Digital Downloads (EDD) Recommended Products extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 not yet calculated CVE-2015-9523
MISC
wordpress -- wordpress The Easy Digital Downloads (EDD) QR Code extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 not yet calculated CVE-2015-9522
MISC
wordpress -- wordpress The Easy Digital Downloads (EDD) Amazon S3 extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 not yet calculated CVE-2015-9506
MISC
wordpress -- wordpress The Easy Digital Downloads (EDD) Invoices extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 not yet calculated CVE-2015-9516
MISC
wordpress -- wordpress The Easy Digital Downloads (EDD) Manual Purchases extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 not yet calculated CVE-2015-9517
MISC
wordpress -- wordpress The Easy Digital Downloads (EDD) Per Product Emails extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 not yet calculated CVE-2015-9520
MISC
wordpress -- wordpress The Easy Digital Downloads (EDD) PDF Stamper extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 not yet calculated CVE-2015-9519
MISC
wordpress -- wordpress The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter. 2019-10-23 not yet calculated CVE-2015-9504
MISC
wordpress -- wordpress The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 not yet calculated CVE-2015-9521
MISC
wordpress -- wordpress The Easy Digital Downloads (EDD) Recount Earnings extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 not yet calculated CVE-2015-9524
MISC
wordpress -- wordpress The Easy Digital Downloads (EDD) PDF Invoices extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. 2019-10-23 not yet calculated CVE-2015-9518
MISC
wustl -- xnat WUSTL XNAT 1.7.5.3 allows XXE attacks via a POST request body. 2019-10-23 not yet calculated CVE-2019-14276
MISC
MISC
MISC
xiaomi -- mi_wifi_r3g_devices An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh script for testing upload and download speeds reads a URL list from /tmp/speedtest_urls.xml, and there is a command injection vulnerability, as demonstrated by api/xqnetdetect/netspeed. 2019-10-23 not yet calculated CVE-2019-18370
MISC
xiaomi -- mi_wifi_r3g_devices An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication. 2019-10-23 not yet calculated CVE-2019-18371
MISC
xml_language_server -- xml_language_server XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal. 2019-10-23 not yet calculated CVE-2019-18212
MISC
CONFIRM
MISC
MISC
MISC
MISC
xml_language_server -- xml_language_server XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTLM challenge/response capture for password cracking). This occurs in extensions/contentmodel/participants/diagnostics/LSPXMLParserConfiguration.java. 2019-10-23 not yet calculated CVE-2019-18213
MISC
CONFIRM
MISC
MISC
MISC
MISC
youphptube -- youphptube SQL injection vulnerabilities exist in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter name in /objects/pluginSwitch.json.php. 2019-10-25 not yet calculated CVE-2019-5122
MISC
youphptube -- youphptube A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getSpiritsFromVideo.php is vulnerable to a command injection attack. 2019-10-25 not yet calculated CVE-2019-5129
MISC
youphptube -- youphptube A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImage.php is vulnerable to a command injection attack. 2019-10-25 not yet calculated CVE-2019-5127
MISC
youphptube -- youphptube Specially crafted web requests can cause SQL injections in YouPHPTube 7.6. An attacker can send a web request with Parameter dir in /objects/pluginSwitch.json.php. 2019-10-25 not yet calculated CVE-2019-5123
MISC
youphptube -- youphptube SQL injection vulnerabilities exist in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter uuid in /objects/pluginSwitch.json.php. 2019-10-25 not yet calculated CVE-2019-5121
MISC
youphptube -- youphptube An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configurations, access the underlying operating system. 2019-10-25 not yet calculated CVE-2019-5120
MISC
youphptube -- youphptube An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configurations, access the underlying operating system. 2019-10-25 not yet calculated CVE-2019-5119
MISC
youphptube -- youphptube Exploitable SQL injection vulnerabilities exist in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configuration, access the underlying operating system. 2019-10-25 not yet calculated CVE-2019-5117
MISC
youphptube -- youphptube An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause a SQL injection. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configuration, access the underlying operating system. 2019-10-25 not yet calculated CVE-2019-5116
MISC
youphptube -- youphptube An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configuration, access the underlying operating system. 2019-10-25 not yet calculated CVE-2019-5114
MISC
youphptube -- youphptube A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImageMP4.php is vulnerable to a command injection attack. 2019-10-25 not yet calculated CVE-2019-5128
MISC
zend_framework -- zend_framework Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has a potential SQL injection in the PostgreSQL Zend\Db adapter. 2019-10-25 not yet calculated CVE-2015-0270
MISC