US-CERT - SB19-084: Vulnerability Summary for the Week of March 18, 2019
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
- Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
- Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
airmore -- airmore | The AirMore application through 1.6.1 for Android allows remote attackers to cause a denial of service (system hang) via many simultaneous /?Key=PhoneRequestAuthorization requests. | 2019-03-15 | 7.8 | CVE-2019-9831 EXPLOIT-DB MISC |
capmon -- access_manager | An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe provides "NT AUTHORITY\SYSTEM" access to unprivileged users via the --system option. | 2019-03-15 | 7.2 | CVE-2018-18252 MISC |
capmon -- access_manager | An issue was discovered in CapMon Access Manager 5.4.1.1005. The client applications of AccessManagerCoreService.exe communicate with this server through named pipes. A user can initiate communication with the server by creating a named pipe and sending commands to achieve elevated privileges. | 2019-03-15 | 7.2 | CVE-2018-18255 MISC |
capmon -- access_manager | An issue was discovered in CapMon Access Manager 5.4.1.1005. A regular user can obtain local administrator privileges if they run any whitelisted application through the Custom App Launcher. | 2019-03-15 | 7.2 | CVE-2018-18256 MISC |
caret -- caret | Caret before 2019-02-22 allows Remote Code Execution. | 2019-03-22 | 7.5 | CVE-2019-9927 MISC |
designchemical -- social_network_tabs | The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress allows remote attackers to discover Twitter access_token, access_token_secret, consumer_key, and consumer_secret values by reading the dcwp_twitter.php source code. This leads to Twitter account takeover. | 2019-03-21 | 7.5 | CVE-2018-20555 MISC |
ens -- webgalamb | subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header. | 2019-03-21 | 7.5 | CVE-2018-19510 MISC MISC |
ens -- webgalamb | In Webgalamb through 7.0, a system/ajax.php "wgmfile restore" directory traversal vulnerability could lead to arbitrary code execution by authenticated administrator users, because PHP files are restored under the document root directory. | 2019-03-21 | 9.0 | CVE-2018-19512 MISC MISC |
ens -- webgalamb | In Webgalamb through 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. Exploitation requires authentication bypass to access administrative functions of the site to upload a crafted CSV file with a malicious payload that becomes part of a PHP eval() expression in the subscriber.php file. | 2019-03-21 | 7.5 | CVE-2018-19514 MISC MISC |
ens -- webgalamb | In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the bgsend, atment_sddd1xGz, or xls_bgimport query parameters, most of these methods become available to unauthenticated users. | 2019-03-21 | 7.5 | CVE-2018-19515 MISC MISC |
five9 -- agent_desktop_plus | Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2). | 2019-03-17 | 7.5 | CVE-2018-15509 MISC |
hidglobal -- easylobby_solo | EasyLobby Solo could allow a local attacker to gain elevated privileges on the system. By visiting the kiosk and typing "esc" to exit the program, an attacker could exploit this vulnerability to perform unauthorized actions on the computer. | 2019-03-21 | 7.2 | CVE-2018-17491 XF |
kioware -- kioware_server | KioWare Server 4.9.6 allows local users to gain privileges by replacing \kioware_com\KWSS.exe with a Trojan horse program, because \kioware_com has "Everyone: (F)" permissions. | 2019-03-21 | 7.2 | CVE-2018-18435 MISC EXPLOIT-DB |
openmrs -- openmrs | OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body. | 2019-03-21 | 10.0 | CVE-2018-19276 MISC EXPLOIT-DB |
opensuse -- yast2-printer | In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or similar characters is supplied this allows for executing code as root. This requires tricking root to enter such a password in yast. | 2019-03-15 | 9.3 | CVE-2018-20106 CONFIRM |
portier -- portier | An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to a lack of user input validation in parameter handling, it has various SQL injections, including on the login form, and on the search form for a key ring number. | 2019-03-21 | 7.5 | CVE-2019-5722 MISC BUGTRAQ EXPLOIT-DB MISC |
putty -- putty | In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. | 2019-03-21 | 7.5 | CVE-2019-9895 MISC |
putty -- putty | Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. | 2019-03-21 | 7.5 | CVE-2019-9898 BID MISC |
rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution. | 2019-03-15 | 7.5 | CVE-2018-20177 BID MISC MLIST CONFIRM GENTOO DEBIAN |
rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution. | 2019-03-15 | 7.5 | CVE-2018-20179 BID MISC MLIST CONFIRM GENTOO DEBIAN |
rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution. | 2019-03-15 | 7.5 | CVE-2018-20180 BID MISC MLIST CONFIRM GENTOO DEBIAN |
rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution. | 2019-03-15 | 7.5 | CVE-2018-20181 BID MISC MLIST CONFIRM GENTOO DEBIAN |
rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution. | 2019-03-15 | 7.5 | CVE-2018-20182 BID MISC MLIST CONFIRM GENTOO DEBIAN |
roxyfileman -- roxy_fileman | Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php. | 2019-03-21 | 7.5 | CVE-2018-20526 MISC EXPLOIT-DB |
school_attendance_monitoring_system_project -- school_attendance_monitoring_system | School Attendance Monitoring System 1.0 has SQL Injection via user/controller.php?action=edit. | 2019-03-21 | 7.5 | CVE-2018-18798 MISC EXPLOIT-DB |
solarwinds -- serv-u_ftp_server | SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file. | 2019-03-21 | 9.0 | CVE-2018-15906 MISC MISC MISC |
thresholdsecurity -- evisitorpass | eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen button in the bottom right, an attacker could exploit this vulnerability to close the program and launch other processes on the system. | 2019-03-21 | 7.2 | CVE-2018-17493 XF |
thresholdsecurity -- evisitorpass | eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Start Menu. By visiting the kiosk and pressing windows key twice, an attacker could exploit this vulnerability to close the program and launch other processes on the system. | 2019-03-21 | 7.2 | CVE-2018-17494 XF |
thresholdsecurity -- evisitorpass | eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Help Dialog. By visiting the kiosk and removing the program from fullscreen, an attacker could exploit this vulnerability using the terminal to launch the command prompt. | 2019-03-21 | 7.2 | CVE-2018-17495 XF |
thresholdsecurity -- evisitorpass | eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error while in kiosk mode. By visiting the kiosk and typing ctrl+shift+esc, an attacker could exploit this vulnerability to open the task manager to kill the process or launch new processes on the system. | 2019-03-21 | 7.2 | CVE-2018-17496 XF |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
abantecart -- abantecart | AbanteCart 1.2.12 has reflected cross-site scripting (XSS) via the sort parameter, as demonstrated by a /apparel--accessories?sort= substring. | 2019-03-21 | 4.3 | CVE-2018-20141 MISC MISC MISC |
advance_b2b_script_project -- advance_b2b_script | PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. | 2019-03-21 | 6.8 | CVE-2018-20633 MISC |
advance_b2b_script_project -- advance_b2b_script | PHP Scripts Mall Advance B2B Script 2.1.4 allows remote attackers to cause a denial of service (changed Page structure) via JavaScript code in the First Name field. | 2019-03-21 | 4.0 | CVE-2018-20634 MISC |
advance_b2b_script_project -- advance_b2b_script | PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. | 2019-03-21 | 4.0 | CVE-2018-20635 MISC |
airdrop_project -- airdrop | The AirDrop application through 2.0 for Android allows remote attackers to cause a denial of service via a client that makes many socket connections through a configured port. | 2019-03-15 | 5.0 | CVE-2019-9832 EXPLOIT-DB MISC |
airties -- air_5341_firmware | AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF. | 2019-03-21 | 6.8 | CVE-2019-6967 MISC MISC MISC EXPLOIT-DB |
artifex -- ghostscript | In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. | 2019-03-21 | 6.8 | CVE-2019-6116 CONFIRM CONFIRM MISC MLIST MLIST BID REDHAT MISC CONFIRM MLIST FEDORA FEDORA UBUNTU DEBIAN EXPLOIT-DB |
bestpractical -- request_tracker | The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing. | 2019-03-21 | 5.0 | CVE-2018-18898 CONFIRM FEDORA FEDORA |
booking_calendar_project -- booking_calendar | SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the booking_id parameter. | 2019-03-21 | 6.5 | CVE-2018-20556 MISC EXPLOIT-DB |
bose -- soundtouch | An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app. | 2019-03-21 | 4.3 | CVE-2018-12638 MISC MISC |
broadcastboxes -- scion-8_firmware | CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser. | 2019-03-15 | 5.0 | CVE-2019-5616 MISC |
capmon -- access_manager | An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe attempts to enforce access control by adding an unprivileged user to the local Administrators group for a very short time to execute a single command. However, the user is left in that group if the command crashes, and there is also a race condition in all cases. | 2019-03-15 | 6.9 | CVE-2018-18253 MISC |
capmon -- access_manager | An issue was discovered in CapMon Access Manager 5.4.1.1005. An unprivileged user can read the cal_whitelist table in the Custom App Launcher (CAL) database, and potentially gain privileges by placing a Trojan horse program at an app pathname. | 2019-03-15 | 4.6 | CVE-2018-18254 MISC |
car_rental_script_project -- car_rental_script | PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php. | 2019-03-21 | 6.8 | CVE-2018-20648 MISC |
colossusxt -- colossuscoinxt | ColossusCoinXT through 1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | 2019-03-21 | 5.0 | CVE-2018-19158 MISC CONFIRM MISC |
coyoapp -- coyo | COYO 9.0.8, 10.0.11 and 12.0.4 have cross-site scripting (XSS) via URLs used by "iFrame" widgets. | 2019-03-21 | 4.3 | CVE-2018-16519 MISC MISC MISC CONFIRM |
cryptobots -- battletoken | An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user. | 2019-03-15 | 5.0 | CVE-2018-17882 MISC MISC |
deltek -- ajera | Secure/SAService.rem in Deltek Ajera Timesheets 9.10.16 and prior is vulnerable to remote code execution via deserialization of untrusted user input from an authenticated user. The executed code will run as the IIS Application Pool that is running the application. | 2019-03-21 | 6.5 | CVE-2018-20221 MISC MISC |
dnnsoftware -- dotnetnuke | DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML. | 2019-03-21 | 4.3 | CVE-2018-14486 MISC MISC |
dropbear_ssh_project -- dropbear_ssh | It was found that dropbear before version 2013.59 with GSSAPI leaks whether a given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts. | 2019-03-21 | 5.0 | CVE-2017-2659 CONFIRM MISC |
ens -- webgalamb | wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS. | 2019-03-21 | 4.3 | CVE-2018-19509 MISC MISC |
ens -- webgalamb | wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password. | 2019-03-21 | 4.3 | CVE-2018-19511 MISC MISC |
ens -- webgalamb | In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sql_error_log/YYYY-MM-DD-sql_error_log.log filenames. The log file could contain sensitive client data (email addresses) and also facilitates exploitation of SQL injection errors. | 2019-03-21 | 5.0 | CVE-2018-19513 MISC MISC |
fasterxml -- jackson-databind | An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. | 2019-03-21 | 5.1 | CVE-2018-12022 CONFIRM CONFIRM CONFIRM MISC MISC MISC |
fasterxml -- jackson-databind | An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. | 2019-03-21 | 5.1 | CVE-2018-12023 MISC MISC MISC MISC MISC CONFIRM CONFIRM |
fedoraproject -- fedora | Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users. | 2019-03-21 | 5.0 | CVE-2019-5885 CONFIRM CONFIRM CONFIRM CONFIRM |
five9 -- agent_desktop_plus | Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control allowing remote attackers to cause a denial of service via opening a connection on port 8083 to a device running the Five9 SoftPhone (issue 1 of 2). | 2019-03-21 | 5.0 | CVE-2018-15508 MISC |
foxitsoftware -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA remerge method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7347. | 2019-03-21 | 6.8 | CVE-2019-6727 MISC MISC |
foxitsoftware -- phantompdf | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7353. | 2019-03-21 | 4.3 | CVE-2019-6728 MISC MISC |
foxitsoftware -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7423. | 2019-03-21 | 6.8 | CVE-2019-6729 MISC MISC |
foxitsoftware -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the popUpMenu method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7368. | 2019-03-21 | 6.8 | CVE-2019-6730 MISC MISC |
foxitsoftware -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7369. | 2019-03-21 | 6.8 | CVE-2019-6731 MISC MISC |
foxitsoftware -- phantompdf | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the AFParseDateEx method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7453. | 2019-03-21 | 4.3 | CVE-2019-6732 MISC MISC |
foxitsoftware -- phantompdf | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7576. | 2019-03-21 | 4.3 | CVE-2019-6733 MISC MISC |
foxitsoftware -- phantompdf | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setInterval method. By performing actions in JavaScript, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7452. | 2019-03-21 | 4.3 | CVE-2019-6734 MISC MISC |
foxitsoftware -- phantompdf | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7355. | 2019-03-21 | 4.3 | CVE-2019-6735 MISC MISC |
fujitsu -- gk900_firmware | The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set LX901 GK900 devices allows Keystroke Injection. This occurs because it accepts unencrypted 2.4 GHz packets, even though all legitimate communication uses AES encryption. | 2019-03-15 | 5.8 | CVE-2019-9835 BID MISC |
get-simple. -- getsimplecms | GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter. | 2019-03-21 | 5.8 | CVE-2019-9915 MISC MISC |
haproxy -- haproxy | An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame. | 2019-03-21 | 5.0 | CVE-2018-20615 MLIST BID REDHAT UBUNTU MLIST |
ibm -- infosphere_streams | IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632. | 2019-03-21 | 4.3 | CVE-2017-1713 CONFIRM XF |
image_sharing_script_project -- image_sharing_script | PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the Search Bar. | 2019-03-21 | 5.0 | CVE-2019-7430 MISC |
image_sharing_script_project -- image_sharing_script | PHP Scripts Mall Image Sharing Script 1.3.4 has directory traversal via a direct request for a listing of an uploads directory. | 2019-03-21 | 4.0 | CVE-2019-7431 MISC |
jollytech -- lobby_track | Lobby Track Desktop could allow a local attacker to gain elevated privileges on the system, caused by an error in the printer dialog. By visiting the kiosk and signing in as a visitor, an attacker could exploit this vulnerability using the command line to break out of kiosk mode. | 2019-03-21 | 4.6 | CVE-2018-17487 XF |
jollytech -- lobby_track | Lobby Track Desktop could allow a local attacker to gain elevated privileges on the system, caused by an error in the printer dialog. By visiting the kiosk and accessing the print badge screen, an attacker could exploit this vulnerability using the command line to break out of kiosk mode. | 2019-03-21 | 4.6 | CVE-2018-17488 XF |
layerbb -- layerbb | LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/. | 2019-03-21 | 5.8 | CVE-2018-17996 MISC MISC MISC EXPLOIT-DB |
layerbb -- layerbb | LayerBB 1.1.1 allows XSS via the titles of conversations (PMs). | 2019-03-21 | 4.3 | CVE-2018-17997 MISC CONFIRM EXPLOIT-DB |
macpaw -- cleanmymac_x | An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit. | 2019-03-21 | 6.6 | CVE-2019-5011 MISC |
microweber -- microweber | Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities. | 2019-03-21 | 4.3 | CVE-2018-19917 MISC MISC MISC MISC |
moodle -- moodle | Moodle 3.5.x before 3.5.4 allows SSRF. | 2019-03-21 | 6.0 | CVE-2019-6970 MISC |
my-netdata -- netdata | The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to steal authentication credentials or to control how the site is rendered to the user. | 2019-03-15 | 4.3 | CVE-2019-9834 EXPLOIT-DB MISC |
opentext -- documentum_webtop | XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in "/webtop/help/en/default.htm" is vulnerable. | 2019-03-21 | 4.3 | CVE-2019-7416 MISC FULLDISC MISC |
phamm -- phamm | Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter). | 2019-03-17 | 4.3 | CVE-2018-20806 MISC |
podcastgenerator -- podcast_generator | Podcast Generator 2.7 has stored cross-site scripting (XSS) via the URL addcategory parameter. | 2019-03-21 | 4.3 | CVE-2018-20121 MISC MISC MISC MISC |
portier -- portier | An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreover, the encryption key is static and too short. Due to this, the passwords stored by the application can be easily decrypted. | 2019-03-21 | 5.0 | CVE-2019-5723 MISC BUGTRAQ MISC |
property_rental_software_project -- property_rental_software | PHP Scripts Mall Property Rental Software 2.1.4 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2016/08 directory. | 2019-03-21 | 4.0 | CVE-2019-7429 MISC |
putty -- putty | A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. | 2019-03-21 | 6.4 | CVE-2019-9894 MISC |
putty -- putty | In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. | 2019-03-21 | 4.6 | CVE-2019-9896 MISC |
putty -- putty | Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. | 2019-03-21 | 5.0 | CVE-2019-9897 MISC |
qemu -- qemu | In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. | 2019-03-21 | 4.6 | CVE-2019-6778 SUSE MISC BID FEDORA MISC |
rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak. | 2019-03-15 | 5.0 | CVE-2018-20174 BID MISC MLIST CONFIRM GENTOO DEBIAN |
rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault). | 2019-03-15 | 5.0 | CVE-2018-20175 BID MISC MLIST CONFIRM GENTOO DEBIAN |
rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain several Out-Of-Bounds Reads in the file secure.c that result in a Denial of Service (segfault). | 2019-03-15 | 5.0 | CVE-2018-20176 BID MISC MLIST CONFIRM GENTOO DEBIAN |
rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault). | 2019-03-15 | 5.0 | CVE-2018-20178 BID MISC MLIST CONFIRM GENTOO DEBIAN |
rental_bike_script_project -- rental_bike_script | PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. | 2019-03-21 | 6.8 | CVE-2019-7433 MISC |
rental_bike_script_project -- rental_bike_script | PHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory. | 2019-03-21 | 4.0 | CVE-2019-7434 MISC |
reputeinfosystems -- repute_arforms | An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php. | 2019-03-21 | 6.4 | CVE-2018-15818 MISC MISC |
roxyfileman -- roxy_fileman | Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php. | 2019-03-21 | 5.0 | CVE-2018-20525 MISC EXPLOIT-DB |
s-cms -- s-cms | S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter. | 2019-03-22 | 4.3 | CVE-2019-9925 MISC |
saltos -- saltos | SaltOS 3.1 r8126 allows CSRF. | 2019-03-21 | 4.3 | CVE-2018-18762 MISC EXPLOIT-DB |
screen_stream_project -- screen_stream | The Screen Stream application through 3.0.15 for Android allows remote attackers to cause a denial of service via many simultaneous /start-stop requests. | 2019-03-15 | 5.0 | CVE-2019-9833 EXPLOIT-DB |
simplenia -- pages | The Simplenia Pages plugin 2.6.0 for Atlassian Bitbucket Server has XSS. | 2019-03-21 | 4.3 | CVE-2018-19498 MISC MISC MISC |
top-vision -- cc8800ce_firmware | Topvision CC8800 CMTS C-E devices allow remote attackers to obtain sensitive information via a direct request for /WebContent/startup.tar.gz with userName=admin in a cookie. | 2019-03-15 | 5.0 | CVE-2018-18205 MISC MISC |
twiki -- twiki | bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter. | 2019-03-21 | 4.3 | CVE-2018-20212 MISC MISC MISC |
wowza -- streaming_engine | The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request. | 2019-03-21 | 5.0 | CVE-2018-19365 MISC |
zenphoto -- zenphoto | Zenphoto 1.4.14 has multiple cross-site scripting (XSS) vulnerabilities via different URL parameters. | 2019-03-21 | 4.3 | CVE-2018-20140 MISC MISC MISC MISC MISC |
zohocorp -- manageengine_netflow_analyzer | XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter. | 2019-03-21 | 4.3 | CVE-2019-7422 MISC FULLDISC MISC |
zohocorp -- manageengine_netflow_analyzer | XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter. | 2019-03-21 | 4.3 | CVE-2019-7423 MISC FULLDISC MISC |
zohocorp -- manageengine_netflow_analyzer | XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. The latter is related to CVE-2009-3903. | 2019-03-21 | 4.3 | CVE-2019-7424 MISC FULLDISC MISC |
zohocorp -- manageengine_netflow_analyzer | XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter. | 2019-03-21 | 4.3 | CVE-2019-7425 MISC FULLDISC MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
advance_b2b_script_project -- advance_b2b_script | PHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Scripting (XSS) via the FIRST NAME or LAST NAME field. | 2019-03-21 | 3.5 | CVE-2018-20632 MISC |
avast -- free_antivirus | Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data. | 2019-03-21 | 2.1 | CVE-2018-12572 MISC |
envoy -- passport | Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token and other sensitive information. | 2019-03-21 | 2.1 | CVE-2018-17499 XF |
hidglobal -- easylobby_solo | EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext. By visiting the kiosk and viewing the Visitor table of the database, an attacker could exploit this vulnerability to view stored social security numbers. | 2019-03-21 | 2.1 | CVE-2018-17489 XF |
hidglobal -- easylobby_solo | EasyLobby Solo is vulnerable to a denial of service. By visiting the kiosk and accessing the task manager, a local attacker could exploit this vulnerability to kill the process or launch new processes at will. | 2019-03-21 | 3.6 | CVE-2018-17490 XF |
hidglobal -- easylobby_solo | EasyLobby Solo contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application. | 2019-03-21 | 2.1 | CVE-2018-17492 XF |
jollytech -- lobby_track | Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and clicking on reports, an attacker could exploit this vulnerability to gain access to all visitor records and obtain sensitive information. | 2019-03-21 | 2.1 | CVE-2018-17482 XF |
jollytech -- lobby_track | Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and viewing the driver's license column, an attacker could exploit this vulnerability to view the driver's license number and other personal information. | 2019-03-21 | 2.1 | CVE-2018-17483 XF |
jollytech -- lobby_track | Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Sample Database.mdb database while in kiosk mode. By using attack vectors outlined in kiosk breakout, an attacker could exploit this vulnerability to view and edit the database. | 2019-03-21 | 3.6 | CVE-2018-17484 XF |
jollytech -- lobby_track | Lobby Track Desktop contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application. | 2019-03-21 | 2.1 | CVE-2018-17485 XF |
jollytech -- lobby_track | Lobby Track Desktop could allow a local attacker to bypass security restrictions, caused by an error in the find visitor function while in kiosk mode. By visiting the kiosk and selecting find visitor, an attacker could exploit this vulnerability to delete visitor records or remove a host. | 2019-03-21 | 3.6 | CVE-2018-17486 XF |
opensuse -- yast2-samba-provision | In yast2-samba-provision up to and including version 1.0.1, the password for samba shares was provided on the command line to tools used by yast2-samba-provision, allowing local attackers to read it in the process list. | 2019-03-15 | 2.1 | CVE-2018-17956 CONFIRM |
qemu -- qemu | In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value. | 2019-03-21 | 2.1 | CVE-2018-18849 SUSE SUSE SUSE MISC FEDORA MISC UBUNTU |
securenvoy -- securaccess | An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs (present in the DEBUG folder) that can be accessed by anyone. | 2019-03-21 | 1.9 | CVE-2018-18466 MISC |
thresholdsecurity -- evisitorpass | eVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application. | 2019-03-21 | 2.1 | CVE-2018-17497 XF |
webmin -- webmin | Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter. | 2019-03-21 | 3.5 | CVE-2018-19191 MISC CONFIRM |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache -- hadoop | In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, and 2.7.5 to 2.7.6, KMS blocks users or grants access to users incorrectly if the system uses non-default groups mapping mechanisms. | 2019-03-21 | not yet calculated | CVE-2018-11767 MLIST MLIST MLIST |
apache -- heron | When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. An example would be modifying the parameter path= to go to the directory you would like to view, i.e. ..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd. | 2019-03-21 | not yet calculated | CVE-2018-11789 BID MLIST |
apache -- karaf | Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it doesn't do any validation on the paths in the zip file. This means that a malicious user could craft a .kar file with ".." directory names and break out of the directories to write arbitrary content to the filesystem. This is the "Zip-slip" vulnerability - https://ift.tt/2syq9ei. This vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf release prior to 4.2.3 is impacted. | 2019-03-21 | not yet calculated | CVE-2019-0191 BID MLIST |
audiocodes -- ip_phone_420hd_devices |
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution. | 2019-03-21 | not yet calculated | CVE-2018-10093 MISC MISC MISC |
audiocodes -- ip_phone_420hd_devices |
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow XSS. | 2019-03-21 | not yet calculated | CVE-2018-10091 MISC MISC |
barracuda -- vpn_client | The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root. | 2019-03-21 | not yet calculated | CVE-2019-6724 CONFIRM MISC CONFIRM |
bash -- bash |
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. | 2019-03-22 | not yet calculated | CVE-2019-9924 MISC MISC |
blackberry -- athoc |
An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering maliciously crafted XML in an existing field. | 2019-03-21 | not yet calculated | CVE-2019-8997 MISC |
blogengine.net -- blogengine.net |
An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is especially dangerous if an authenticated user uploads a PostView.ascx file using the file manager utility, which is currently allowed. This results in remote code execution for an authenticated user. | 2019-03-21 | not yet calculated | CVE-2019-6714 MISC MISC MISC EXPLOIT-DB |
bmc -- remedy_mid-tier |
BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/Default+Admin+View/. | 2019-03-21 | not yet calculated | CVE-2018-18862 MISC MISC CONFIRM |
chinamobile -- plc_wireless_router | ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an attacker to change the Wireless Security Password. | 2019-03-21 | not yet calculated | CVE-2019-6282 MISC MISC EXPLOIT-DB MISC |
chinamobile -- plc_wireless_router | ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Access Control vulnerability via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an attacker to change the Wireless Security Password. | 2019-03-21 | not yet calculated | CVE-2019-6279 MISC MISC EXPLOIT-DB MISC |
cisco -- ip_phone_7800_series_and_ip_phone_8800_series |
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition, or to execute arbitrary code with the privileges of the app user. Cisco fixed this vulnerability in the following SIP Software releases: 10.3(1)SR5 and later for Cisco Unified IP Conference Phone 8831; 11.0(4)SR3 and later for Cisco Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 and later for the rest of the Cisco IP Phone 7800 Series and 8800 Series. | 2019-03-22 | not yet calculated | CVE-2019-1716 CISCO |
cisco -- ip_phone_8800_series | A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affected system. A successful exploit could allow the attacker to write a file that consumes most of the available disk space on the system, causing application functions to operate abnormally and leading to a DoS condition. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 12.5(1)SR1. | 2019-03-22 | not yet calculated | CVE-2019-1766 CISCO |
cisco -- ip_phone_8800_series | A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level permissions. An attacker could exploit this vulnerability by uploading invalid files to an affected device. A successful exploit could allow the attacker to write files in arbitrary locations on the filesystem. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. | 2019-03-22 | not yet calculated | CVE-2019-1765 CISCO |
cisco -- ip_phone_8800_series |
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to critical services and cause a DoS condition. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. Cisco IP Conference Phone 8831 is not affected. | 2019-03-22 | not yet calculated | CVE-2019-1763 CISCO |
cisco -- ip_phone_8800_series |
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. Cisco IP Conference Phone 8831 is not affected. | 2019-03-22 | not yet calculated | CVE-2019-1764 CISCO |
ckeditor -- ckeditor |
plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements. | 2019-03-21 | not yet calculated | CVE-2019-9870 MISC MISC |
controlbyweb -- x-320m-i_web-enabled instrumentation-grade_data_acquisition_module | A stored cross-site scripting (XSS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can inject arbitrary script via setup.html in the web interface. | 2019-03-21 | not yet calculated | CVE-2018-18882 BID MISC |
controlbyweb -- x-320m-i_web-enabled instrumentation-grade_data_acquisition_module | A Denial of Service (DoS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP-based communications to the device. A physical factory reset is required to restore the device to an operational state. | 2019-03-21 | not yet calculated | CVE-2018-18881 BID MISC |
core_ftp -- core_ftp | An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique (..\..\) to browse outside the root directory to determine the existence of a file on the operating system, and its last modified date. | 2019-03-22 | not yet calculated | CVE-2019-9649 CONFIRM BID FULLDISC EXPLOIT-DB |
core_ftp -- core_ftp |
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information. | 2019-03-22 | not yet calculated | CVE-2019-9648 CONFIRM BID FULLDISC EXPLOIT-DB |
coturn -- coturn |
An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuration, which can lead to additional attacks. An attacker who can get access to the telnet port can gain administrator access to the TURN server. | 2019-03-21 | not yet calculated | CVE-2018-4059 MISC |
coturn -- coturn |
An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability. | 2019-03-21 | not yet calculated | CVE-2018-4058 MISC |
cujo -- smart_firewall |
An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a memory space is freed twice if an invalid query name is encountered, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability. | 2019-03-21 | not yet calculated | CVE-2018-3985 MISC |
cujo -- smart_firewall |
An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability. | 2019-03-21 | not yet calculated | CVE-2018-4003 MISC |
cujo -- smart_firewall |
An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into the dhcpd.conf file without prior sanitization, allowing for arbitrary execution of system commands. To trigger this vulnerability, an attacker can send a DHCP request message and set up the corresponding static DHCP entry. | 2019-03-21 | not yet calculated | CVE-2018-3963 MISC |
cujo -- smart_firewall |
An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the "RDLENGTH" value is handled incorrectly, leading to an out-of-bounds access that crashes the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability. | 2019-03-21 | not yet calculated | CVE-2018-4011 MISC |
cujo -- smart_firewall | An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The "Host" header is incorrectly extracted from captured HTTP requests, which would allow an attacker to visit any malicious websites and bypass the firewall. An attacker could send an HTTP request to exploit this vulnerability. | 2019-03-21 | not yet calculated | CVE-2018-4030 MISC |
cujo -- smart_firewall |
An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file, that persist across reboots and firmware updates, and thus allow for executing unverified commands. To trigger this vulnerability, a local attacker needs to be able to write into /config/dhcpd.conf. | 2019-03-21 | not yet calculated | CVE-2018-3969 MISC |
denx -- das_u-boot |
An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy image format. To trigger this vulnerability, a local attacker needs to be able to supply the image to boot. | 2019-03-21 | not yet calculated | CVE-2018-3968 MISC |
digi -- transport_lr54 | Digi TransPort LR54 4.4.0.26 and possibly earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root. | 2019-03-21 | not yet calculated | CVE-2018-20162 MISC MISC MISC |
donfig -- donfig | An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collect_yaml method in config_obj.py. It can execute arbitrary Python commands, resulting in command execution. | 2019-03-21 | not yet calculated | CVE-2019-7537 MISC MISC |
doorkeeper -- openidconnect |
Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the 'openid' scope and a prompt=none value. This allows phishing attacks against the authorization flow. | 2019-03-21 | not yet calculated | CVE-2019-9837 MISC MISC MISC |
envoy -- passport_for_android_and_passport_for_iphone |
Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive information. | 2019-03-21 | not yet calculated | CVE-2018-17500 XF |
ericsson -- active_library_explorer |
XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple parameters in the "/cgi-bin/alexserv" servlet, as demonstrated by the DB, FN, fn, or id parameter. | 2019-03-21 | not yet calculated | CVE-2019-7417 MISC FULLDISC MISC |
fatek -- automation_pm_designer_and_automation_fv_designer |
A malicious attacker can trigger a remote buffer overflow in the Communication Server in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. | 2019-03-21 | not yet calculated | CVE-2016-5800 MISC |
flexera_software -- flexnet_publisher | A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. | 2019-03-21 | not yet calculated | CVE-2018-20034 CONFIRM |
flexera_software -- flexnet_publisher | A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. | 2019-03-21 | not yet calculated | CVE-2018-20032 CONFIRM |
flexera_software -- flexnet_publisher |
A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. | 2019-03-21 | not yet calculated | CVE-2018-20031 CONFIRM |
gl.inet -- gl-ar300m-lite_devices | Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. | 2019-03-21 | not yet calculated | CVE-2019-6275 MISC EXPLOIT-DB |
gl.inet -- gl-ar300m-lite_devices | Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences. | 2019-03-21 | not yet calculated | CVE-2019-6274 MISC EXPLOIT-DB |
gl.inet -- gl-ar300m-lite_devices | download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files. | 2019-03-21 | not yet calculated | CVE-2019-6273 MISC EXPLOIT-DB |
gl.inet -- gl-ar300m-lite_devices |
Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. | 2019-03-21 | not yet calculated | CVE-2019-6272 MISC EXPLOIT-DB |
gnu -- tar |
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. | 2019-03-22 | not yet calculated | CVE-2019-9923 MISC MISC MISC |
graphviz -- graphviz |
An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c. | 2019-03-21 | not yet calculated | CVE-2019-9904 MISC MISC |
heimdal_security -- thor_agent |
Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2019-03-21 | not yet calculated | CVE-2019-8351 MISC |
hms_industrial_networks -- netbiter_ws100_devices |
HMS Industrial Networks Netbiter WS100 3.30.5 devices and previous have reflected XSS in the login form. | 2019-03-21 | not yet calculated | CVE-2018-19694 MISC MISC CONFIRM MISC |
hospira -- symbiq_infusion_system |
Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function. | 2019-03-23 | not yet calculated | CVE-2015-3965 MISC |
hostapd -- hostapd |
hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call. | 2019-03-23 | not yet calculated | CVE-2016-10743 MISC |
humhub -- humhub | A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in /s/adada/cfiles/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing JavaScript in the filename is echoed back in JavaScript code, which resulted in XSS. | 2019-03-21 | not yet calculated | CVE-2019-9094 MISC |
humhub -- humhub |
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in file/file/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing a JavaScript payload in the filename parameter is echoed back, which resulted in reflected XSS. | 2019-03-21 | not yet calculated | CVE-2019-9093 MISC |
ibm -- api_connect | IBM API Connect 2018.1 and 2018.4.1.2 APIs can be leveraged by unauthenticated users to discover login IDs of registered users. IBM X-Force ID: 156544. | 2019-03-22 | not yet calculated | CVE-2019-4052 CONFIRM XF |
ibm -- content_navigator | IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send a request to their Edit client directly. The Edit client will then download documents from the fake ICN website. IBM X-Force ID: 156001. | 2019-03-22 | not yet calculated | CVE-2019-4035 CONFIRM XF |
ibm -- db2_for_linux_and_unix_and_windows | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path, potentially giving a low-privilege user full access to root by loading a malicious shared library. IBM X-Force ID: 158014. | 2019-03-21 | not yet calculated | CVE-2019-4094 XF CONFIRM |
ibm -- power_9_systems |
The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345. | 2019-03-21 | not yet calculated | CVE-2018-1992 XF CONFIRM |
ibm -- websphere_mq |
IBM WebSphere MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.1.0.0, and 9.1.0.1 console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150661. | 2019-03-21 | not yet calculated | CVE-2018-1836 BID XF CONFIRM |
imagemagick -- imagemagick |
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file. | 2019-03-23 | not yet calculated | CVE-2019-9956 BID MISC |
insteon -- hub |
An exploitable buffer overflow vulnerability exists in the PubNub message handler for the cc channel of Insteon Hub 2245-222 running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request. At 0x9d014dd8 the value for the id key is copied using strcpy to the buffer at $sp+0x290. This buffer is 32 bytes large; sending anything longer will cause a buffer overflow. | 2019-03-21 | not yet calculated | CVE-2017-16253 MISC |
insteon -- hub |
An exploitable buffer overflow vulnerability exists in the PubNub message handler of Insteon Hub 2245-222, firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request. At 0x9d014e84 the value for the cmd1 key is copied using strcpy to the buffer at $sp+0x280. This buffer is 16 bytes large. | 2019-03-21 | not yet calculated | CVE-2017-16255 MISC |
insteon -- hub |
An exploitable buffer overflow vulnerability exists in the PubNub message handler of Insteon Hub 2245-222, firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request. At 0x9d014e4c the value for the flg key is copied using strcpy to the buffer at $sp+0x270. This buffer is 16 bytes large; sending anything longer will cause a buffer overflow. | 2019-03-21 | not yet calculated | CVE-2017-16254 MISC |
invoiceplane -- invoiceplane |
InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save invoice_password parameter, aka the "PDF password" field to the "Create Invoice" option. The XSS payload is rendered at an index.php/invoices/view/## URI. NOTE: this is different from CVE-2018-12255. | 2019-03-21 | not yet calculated | CVE-2019-7223 MISC |
iobit -- smart_defrag |
SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC4 is called. This kernel pointer can be leaked if the kernel pool becomes a "big" pool. | 2019-03-21 | not yet calculated | CVE-2019-6492 MISC |
ipycache -- ipycache | A code injection issue was discovered in ipycache through 2016-05-31. | 2019-03-21 | not yet calculated | CVE-2019-7539 CONFIRM |
jiofi -- 4g_m2s_devices | JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi). | 2019-03-21 | not yet calculated | CVE-2019-7440 MISC |
kentix -- multisensor-lan_devices |
Kentix MultiSensor-LAN 5.63.00 devices and previous allow Authentication Bypass via an Alternate Path or Channel. | 2019-03-21 | not yet calculated | CVE-2018-19783 MISC MISC |
kill-port -- kill-port | If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port < 1.3.2. | 2019-03-21 | not yet calculated | CVE-2019-5414 MISC |
lenovo -- dynamic_power_reduction_utility |
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges. | 2019-03-17 | not yet calculated | CVE-2019-6149 BID CONFIRM |
libseccomp -- libseccomp |
libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might lead to bypassing seccomp filters and potential privilege escalations. | 2019-03-21 | not yet calculated | CVE-2019-9893 MISC MISC |
libsndfile -- libsndfile |
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash. | 2019-03-21 | not yet calculated | CVE-2019-3832 CONFIRM CONFIRM CONFIRM |
libssh2 -- libssh2 | An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | 2019-03-21 | not yet calculated | CVE-2019-3858 MISC MLIST BID CONFIRM FEDORA BUGTRAQ MISC |
libssh2 -- libssh2 | An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | 2019-03-21 | not yet calculated | CVE-2019-3859 MISC MLIST BID CONFIRM FEDORA BUGTRAQ MISC |
libssh2 -- libssh2 | An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | 2019-03-21 | not yet calculated | CVE-2019-3862 MISC MLIST BID CONFIRM FEDORA BUGTRAQ MISC |
libssh2 -- libssh2 |
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. | 2019-03-21 | not yet calculated | CVE-2019-3855 MISC MLIST BID CONFIRM FEDORA BUGTRAQ MISC |
limesurvey -- limesurvey |
The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path. | 2019-03-23 | not yet calculated | CVE-2019-9960 MISC |
linux -- kernel |
In the Linux kernel through 5.0.2, the function inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c neglects to call fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), which will cause a memory leak (aka refcount leak). This ultimately causes a denial of service. | 2019-03-21 | not yet calculated | CVE-2019-9857 BID MISC MISC |
linux -- kernel |
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space. | 2019-03-21 | not yet calculated | CVE-2018-19985 MISC MISC MISC MISC MISC |
linux -- kernel |
An issue where a provided address is not checked with access_ok() was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation. | 2019-03-21 | not yet calculated | CVE-2018-20669 MISC MLIST MLIST BID MISC |
linux -- kernel |
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. | 2019-03-21 | not yet calculated | CVE-2019-7222 SUSE MISC MLIST BID CONFIRM CONFIRM MISC FEDORA FEDORA |
linux -- kernel |
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. | 2019-03-21 | not yet calculated | CVE-2019-7221 SUSE MISC MISC CONFIRM CONFIRM MISC FEDORA FEDORA |
localhost-now -- localhost-now |
A path traversal vulnerability in localhost-now npm package version 1.0.2 allows attackers to read the content of arbitrary files on the remote server. | 2019-03-21 | not yet calculated | CVE-2019-5416 MISC |
logonbox -- nervepoint_access_manager |
An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (backup and synchronization jobs), which could allow for the possibility of a Denial of Service attack via a modified jobId parameter in a runJob.html GET request. | 2019-03-21 | not yet calculated | CVE-2019-6716 MISC EXPLOIT-DB MISC |
mailcleaner -- mailcleaner_community_edition |
www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands. | 2019-03-21 | not yet calculated | CVE-2018-20323 MISC MISC |
mastercard -- qkr!_with_masterpass |
The MasterCard Qkr! app before 5.0.8 for iOS has Missing SSL Certificate Validation. NOTE: this CVE only applies to obsolete versions from 2016 or earlier. | 2019-03-21 | not yet calculated | CVE-2019-6702 MISC FULLDISC MISC MISC |
morgan -- morgan |
An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1. | 2019-03-21 | not yet calculated | CVE-2019-5413 MISC |
moxa -- oncell_g3100v2_series_and_oncell g3111/g3151/g3211/g3251_series |
Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7, allow a reflected cross-site scripting attack which may allow an attacker to execute arbitrary script code in the user's browser within the trust relationship between their browser and the server. | 2019-03-21 | not yet calculated | CVE-2016-5819 MISC |
moxa -- softcms |
Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability. | 2019-03-21 | not yet calculated | CVE-2015-6457 MISC |
moxa -- softcms |
Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability. | 2019-03-21 | not yet calculated | CVE-2015-6458 MISC |
mybb -- mybb |
In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page. | 2019-03-21 | not yet calculated | CVE-2018-14724 EXPLOIT-DB |
mybb -- mybb |
Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject. | 2019-03-21 | not yet calculated | CVE-2018-14575 MISC MISC MISC |
netapp -- service_processor |
Certain versions between 2.x and 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY. | 2019-03-21 | not yet calculated | CVE-2019-5490 CONFIRM |
netiq -- edirectory |
NetIQ eDirectory versions prior to 9.0.2, under some circumstances, could be susceptible to downgrade of communication security. | 2019-03-21 | not yet calculated | CVE-2016-9166 CONFIRM |
nokia -- 8810_4g_devices |
A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to remote code execution on the device. | 2019-03-21 | not yet calculated | CVE-2019-7386 MISC FULLDISC MISC MISC MISC |
open-xchange -- ox_app_suite |
OX App Suite 7.8.4 and earlier allows SSRF. | 2019-03-21 | not yet calculated | CVE-2018-13103 MISC MISC |
open-xchange -- ox_app_suite |
OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID) | 2019-03-21 | not yet calculated | CVE-2018-13104 MISC MISC |
opentext -- portal |
Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI. | 2019-03-22 | not yet calculated | CVE-2018-20165 MISC |
opera_software -- opera |
Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target. Once the document is opened, it may allow the attacker to take full control of the system from any location within the system. The issue lies in the loading of the shcore.dll and dcomp.dll files: these files are being searched for by the program in the same system-wide directory where the HTML file is executed. | 2019-03-21 | not yet calculated | CVE-2018-18913 CONFIRM MISC |
patlite -- nbm-d88n_and_nhl-3fb1_and_nhl-3fv1n_devices |
A hidden backdoor on PATLITE NBM-D88N, NHL-3FB1, and NHL-3FV1N devices allows attackers to enable an SSH daemon via the "kankichi" or "kamiyo4" password to the _secret1.htm URI. Subsequently, the default password of root for the root account allows an attacker to conduct remote code execution and as a result take over the system. | 2019-03-21 | not yet calculated | CVE-2018-18473 MISC |
phpscriptsmall.com -- advance_crowdfunding_script | PHP Scripts Mall Advance Crowdfunding Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. | 2019-03-21 | not yet calculated | CVE-2018-20630 MISC |
phpscriptsmall.com -- basic_b2b_script | PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature. | 2019-03-21 | not yet calculated | CVE-2018-20644 MISC |
phpscriptsmall.com -- basic_b2b_script | PHP Scripts Mall Basic B2B Script 2.0.9 has HTML injection via the First Name or Last Name field. | 2019-03-21 | not yet calculated | CVE-2018-20645 MISC |
phpscriptsmall.com -- basic_b2b_script | PHP Scripts Mall Basic B2B Script 2.0.9 has directory traversal via a direct request for a listing of an image directory such as an uploads/ directory. | 2019-03-21 | not yet calculated | CVE-2018-20646 MISC |
phpscriptsmall.com -- car_rental_script | PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing of an image directory such as an images/ directory. | 2019-03-21 | not yet calculated | CVE-2018-20647 MISC |
phpscriptsmall.com -- charity_foundation_script | PHP Scripts Mall Charity Foundation Script 1 through 3 allows directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. | 2019-03-21 | not yet calculated | CVE-2018-20628 MISC |
phpscriptsmall.com -- charity_foundation_script | PHP Scripts Mall Charity Donation Script readymadeb2bscript has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. | 2019-03-21 | not yet calculated | CVE-2018-20629 MISC |
phpscriptsmall.com -- chartered_accountant | PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 allows remote attackers to cause a denial of service (unrecoverable blank profile) via crafted JavaScript code in the First Name and Last Name field. | 2019-03-21 | not yet calculated | CVE-2018-20637 MISC |
phpscriptsmall.com -- chartered_accountant | PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. | 2019-03-21 | not yet calculated | CVE-2018-20638 MISC |
phpscriptsmall.com -- chartered_accountant | PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has HTML injection via the First Name field. | 2019-03-21 | not yet calculated | CVE-2018-20636 MISC |
phpscriptsmall.com -- consumer_reviews_script | PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via the search box. | 2019-03-21 | not yet calculated | CVE-2018-20627 MISC |
phpscriptsmall.com -- consumer_reviews_script |
PHP Scripts Mall Consumer Reviews Script 4.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. | 2019-03-21 | not yet calculated | CVE-2018-20626 MISC |
phpscriptsmall.com -- entrepreneur_job_portal_script | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 allows remote attackers to cause a denial of service (outage of profile editing) via crafted JavaScript code in the KeySkills field. | 2019-03-21 | not yet calculated | CVE-2018-20642 MISC |
phpscriptsmall.com -- entrepreneur_job_portal_script | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has HTML injection via the Search Bar. | 2019-03-21 | not yet calculated | CVE-2018-20639 MISC |
phpscriptsmall.com -- entrepreneur_job_portal_script | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. | 2019-03-21 | not yet calculated | CVE-2018-20641 MISC |
phpscriptsmall.com -- entrepreneur_job_portal_script | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has stored Cross-Site Scripting (XSS) via the Full Name field. | 2019-03-21 | not yet calculated | CVE-2018-20640 MISC |
phpscriptsmall.com -- entrepreneur_job_portal_script | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. | 2019-03-21 | not yet calculated | CVE-2018-20643 MISC |
phpscriptsmall.com -- opensource_classified_ads_script | PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory traversal via a direct request for a listing of an uploads directory. | 2019-03-21 | not yet calculated | CVE-2019-7436 MISC |
phpscriptsmall.com -- opensource_classified_ads_script | PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected HTML injection via the Search Form. | 2019-03-21 | not yet calculated | CVE-2019-7435 MISC |
phpscriptsmall.com -- opensource_classified_ads_script | PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected Cross-Site Scripting (XSS) via the Search field. | 2019-03-21 | not yet calculated | CVE-2019-7437 MISC |
phpscriptsmall.com -- rental_bike_script | PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the STREET field in the Profile Edit section. | 2019-03-21 | not yet calculated | CVE-2019-7432 MISC |
phpscriptsmall.com -- website_seller_script |
PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file. | 2019-03-21 | not yet calculated | CVE-2018-20631 MISC |
plohni -- advanced_comment_system |
internal/advanced_comment_system/index.php and internal/advanced_comment_system/admin.php in Advanced Comment System, version 1.0, contain a reflected cross-site scripting vulnerability via ACS_path. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The product is discontinued. | 2019-03-21 | not yet calculated | CVE-2018-18845 MISC MISC |
poppler -- poppler |
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. | 2019-03-21 | not yet calculated | CVE-2019-9903 MISC MISC |
powerdns -- authoritative_server |
A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. Insufficient validation of data coming from the user when building an HTTP request from a DNS query in the HTTP Connector of the Remote backend allows a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response. | 2019-03-21 | not yet calculated | CVE-2019-3871 MLIST BID CONFIRM MISC |
printeron -- enterprise |
PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access Control configuration, (4) "Service Name" in the Service Configuration, or (5) First Name or Last Name field in the Edit Account configuration. | 2019-03-21 | not yet calculated | CVE-2018-17167 MISC |
puppet -- chloride |
Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation. In version 0.3.0 this is updated so that the user's known_hosts file is not updated by chloride. | 2019-03-21 | not yet calculated | CVE-2018-6517 CONFIRM |
puppet -- discovery |
Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress. | 2019-03-21 | not yet calculated | CVE-2018-11747 CONFIRM |
python -- python | urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. | 2019-03-23 | not yet calculated | CVE-2019-9948 MISC MISC |
python -- python |
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string or PATH_INFO) followed by an HTTP header or a Redis command. This is similar to CVE-2019-9740. | 2019-03-23 | not yet calculated | CVE-2019-9947 MISC |
python-gnupg -- python-gnupg |
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg into decrypting ciphertext other than the one intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component. | 2019-03-21 | not yet calculated | CVE-2019-6690 SUSE SUSE MISC BID MLIST MISC BUGTRAQ |
qemu -- qemu |
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. | 2019-03-21 | not yet calculated | CVE-2019-8934 MISC MISC MISC |
qemu -- qemu |
In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations. | 2019-03-21 | not yet calculated | CVE-2019-6501 MLIST MLIST |
qt -- qt |
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. | 2019-03-21 | not yet calculated | CVE-2018-19872 CONFIRM |
raisecom -- multiple_products | An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below. The value of the fmgpon_loid parameter is used in a system call inside the boa binary. Because there is no user input validation, this leads to authenticated code execution on the device. | 2019-03-21 | not yet calculated | CVE-2019-7384 MISC FULLDISC MISC MISC BID MISC |
raisecom -- multiple_products | An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below. The values of the newpass and confpass parameters in /bin/WebMGR are used in a system call in the firmware. Because there is no user input validation, this leads to authenticated code execution on the device. | 2019-03-21 | not yet calculated | CVE-2019-7385 MISC MISC FULLDISC MISC BID MISC |
reliance_jio_infocomm -- jiofi_4g_m2s_devices |
cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang) via the mask POST parameter. | 2019-03-21 | not yet calculated | CVE-2019-7439 MISC |
reliance_jio_infocomm -- jiofi_4g_m2s_devices | cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter. | 2019-03-21 | not yet calculated | CVE-2019-7438 MISC MISC |
risi -- gestao_de_horarios |
RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection. | 2019-03-21 | not yet calculated | CVE-2019-6491 MISC |
samsung -- galaxy_s6 | Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to overwrite kernel memory due to improper validation of the ring buffer read pointer. The Samsung ID is SVE-2018-12029. | 2019-03-21 | not yet calculated | CVE-2018-14745 MISC MISC CONFIRM |
samsung -- x7400gx_syncthru_web_service | XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL. | 2019-03-21 | not yet calculated | CVE-2019-7421 MISC FULLDISC MISC MISC |
samsung -- x7400gx_syncthru_web_service | XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.application/information/networkinformationView.sws" in the tabName parameter. | 2019-03-21 | not yet calculated | CVE-2019-7420 MISC FULLDISC MISC MISC |
samsung -- x7400gx_syncthru_web_service | XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title. | 2019-03-21 | not yet calculated | CVE-2019-7419 MISC FULLDISC MISC MISC |
samsung -- x7400gx_syncthru_web_service |
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc. | 2019-03-21 | not yet calculated | CVE-2019-7418 MISC FULLDISC MISC MISC |
schneider_electric -- modicon_plc_products | Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains JavaScript that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser. | 2019-03-21 | not yet calculated | CVE-2015-6462 MISC |
schneider_electric -- modicon_plc_products |
Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via JavaScript loaded with the web page. | 2019-03-21 | not yet calculated | CVE-2015-6461 MISC |
serve -- serve | A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to. | 2019-03-21 | not yet calculated | CVE-2019-5415 MISC |
serve -- serve |
A path traversal vulnerability in serve npm package version 7.0.1 allows attackers to read the content of arbitrary files on the remote server. | 2019-03-21 | not yet calculated | CVE-2019-5417 MISC |
shareit -- shareit_for_android |
The SHAREit application before 4.0.36 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to bypass authentication by trying to fetch a non-existing page. When the non-existing page is requested, the application responds with a 200 status code and empty page, and adds the requesting client device into the list of recognized devices. | 2019-03-22 | not yet calculated | CVE-2019-9939 MISC |
shareit -- shareit_for_android |
The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to download arbitrary files from the device including contacts, photos, videos, sound clips, etc. The attacker must be authenticated as a "recognized device." | 2019-03-22 | not yet calculated | CVE-2019-9938 MISC |
shellinabox -- shellinabox |
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down. | 2019-03-21 | not yet calculated | CVE-2018-16789 MISC MISC CONFIRM CONFIRM |
shenzhen_electronics_coship -- multiple_devices |
An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router. | 2019-03-21 | not yet calculated | CVE-2019-6441 MISC MISC MISC MISC EXPLOIT-DB EXPLOIT-DB |
shenzhen_skyworth -- multiple_devices |
An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or achieve unauthenticated remote code execution because of control of registers S0 through S4 and T4 through T7. | 2019-03-21 | not yet calculated | CVE-2018-19524 MISC MISC MISC MISC MISC |
siemens -- multiple_products |
A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.35), Firmware variant MODBUS TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions), Firmware variant Profinet IO for EN100 Ethernet module (All versions), SIPROTEC 5 relays with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.82), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.58). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the affected products. A manual restart is required to recover the EN100 module functionality of the affected devices. Successful exploitation requires an attacker with network access to send multiple packets to the affected products or modules. As a precondition the IEC 61850-MMS communication needs to be activated on the affected products or modules. No user interaction or privileges are required to exploit the vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-03-21 | not yet calculated | CVE-2018-16563 CONFIRM |
siemens -- sicam_products |
A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the web server. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/TCP or 443/TCP. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the web server. A system reboot is required to recover the web service of the device. At the time of advisory update, exploit code for this security vulnerability is public. | 2019-03-21 | not yet calculated | CVE-2018-13798 CONFIRM |
signal_messenger -- open_whisper_and_private_messenger |
Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets. | 2019-03-23 | not yet calculated | CVE-2019-9970 MISC |
softnas -- cloud |
SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid user credentials. If customers have not followed SoftNAS deployment best practices and expose SoftNAS StorageCenter ports directly to the internet, this vulnerability allows an attacker to gain access to the Webadmin interface to create new users or execute arbitrary commands with administrative privileges, compromising both the platform and the data. | 2019-03-23 | not yet calculated | CVE-2019-9945 MISC |
solarwinds -- serv-u_ftp_server |
SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter. | 2019-03-21 | not yet calculated | CVE-2018-19934 MISC MISC MISC |
sonatype -- nexus_repository_manager |
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control. | 2019-03-21 | not yet calculated | CVE-2019-7238 MISC |
splunk -- splunk-sdk-python |
Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS server certificates, which could result in man-in-the-middle attacks. | 2019-03-21 | not yet calculated | CVE-2019-5729 CONFIRM |
sqlite -- sqlite |
In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. | 2019-03-22 | not yet calculated | CVE-2019-9937 MISC MISC MISC |
sqlite -- sqlite |
In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c. | 2019-03-22 | not yet calculated | CVE-2019-9936 MISC MISC MISC |
sqlitemanager -- sqlitemanager |
SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is discontinued. | 2019-03-21 | not yet calculated | CVE-2019-9083 MISC |
sricam -- ip_cctv_cameras |
Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds. | 2019-03-21 | not yet calculated | CVE-2019-6973 MISC MISC EXPLOIT-DB |
synaptics -- touchpad_drivers |
SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses. | 2019-03-21 | not yet calculated | CVE-2018-15532 MISC MISC MISC CONFIRM |
systemd -- systemd |
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic). | 2019-03-21 | not yet calculated | CVE-2019-6454 SUSE MLIST MLIST BID REDHAT MISC MLIST FEDORA UBUNTU DEBIAN |
systrome -- cumilon_isg-600c_and_isg-600h_and_isg-800w_devices |
An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1_TRUNK-20181105.bin. A shell command injection occurs by editing the description of an ISP file. The file network/isp/isp_update_edit.php does not properly validate user input, which leads to shell command injection via the des parameter. | 2019-03-21 | not yet calculated | CVE-2019-7383 MISC MISC FULLDISC MISC BID MISC |
systrome -- multiple_devices |
An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. There is CSRF via /ui/?g=obj_keywords_add and /ui/?g=obj_keywords_addsave with resultant XSS because of a lack of CSRF token validation. | 2019-03-21 | not yet calculated | CVE-2018-19525 MISC MISC MISC |
teracue -- enc-400_devices |
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the device's web administration panel. This token is hard-coded to a string in the source code (/usr/share/www/check.lp file). By setting this cookie in a browser, an attacker is able to maintain access to every ENC-400 device without knowing the password, which results in authentication bypass. Even if a user changes the password on the device, this token is static and unchanged. | 2019-03-21 | not yet calculated | CVE-2018-20219 MISC MISC MISC |
teracue -- enc-400_devices |
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated, and some of these pages may disclose sensitive information. | 2019-03-21 | not yet calculated | CVE-2018-20220 MISC MISC MISC |
teracue -- enc-400_devices |
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter in the login form. | 2019-03-21 | not yet calculated | CVE-2018-20218 MISC MISC |
the_receptionist -- the_receptionist_for_ipad |
The Receptionist for iPad could allow a local attacker to obtain sensitive information, caused by an error in the contact.json file. An attacker could exploit this vulnerability to obtain the contact names, phone numbers and emails. | 2019-03-21 | not yet calculated | CVE-2018-17502 XF |
twig -- twig |
A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place. | 2019-03-23 | not yet calculated | CVE-2019-9942 MISC MISC |
vanilla -- vanilla |
In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server. | 2019-03-21 | not yet calculated | CVE-2019-9889 MISC MISC MISC |
veritas -- netbackup_appliance |
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator. | 2019-03-21 | not yet calculated | CVE-2019-9868 MISC |
veritas -- netbackup_appliance |
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator. | 2019-03-21 | not yet calculated | CVE-2019-9867 MISC |
vertrigoserv -- vertrigoserv |
VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter. | 2019-03-21 | not yet calculated | CVE-2019-8938 MISC MISC MISC |
wifi-soft -- unibox_controller |
An issue was discovered on Wifi-soft UniBox controller 3.x devices. The tools/controller/diagnostic_tools_controller Diagnostic Tools Controller is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using hard-coded credentials. | 2019-03-21 | not yet calculated | CVE-2019-3496 MISC MLIST MISC |
wifi-soft -- unibox_controller |
An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. The tools/ping Ping feature of the Diagnostic Tools component is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using hard-coded credentials. | 2019-03-21 | not yet calculated | CVE-2019-3497 MISC MLIST MISC |
wifi-soft -- unibox_controller |
An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. network/mesh/edit-nds.php is vulnerable to arbitrary file upload, allowing an attacker to upload .php files and execute code on the server with root user privileges. Authentication for accessing this component can be bypassed by using hard-coded credentials. | 2019-03-21 | not yet calculated | CVE-2019-3495 MISC MLIST MISC |
wordpress -- wordpress |
The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO. | 2019-03-21 | not yet calculated | CVE-2019-9912 FULLDISC MISC MISC |
wordpress -- wordpress |
The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes poll_id XSS. | 2019-03-21 | not yet calculated | CVE-2019-9914 FULLDISC MISC MISC |
wordpress -- wordpress |
The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS. | 2019-03-21 | not yet calculated | CVE-2019-9913 FULLDISC MISC MISC |
wordpress -- wordpress |
The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php manage_font_id XSS. | 2019-03-21 | not yet calculated | CVE-2019-9908 FULLDISC MISC MISC MISC |
wordpress -- wordpress |
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_reset_pass() function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user's account. | 2019-03-21 | not yet calculated | CVE-2018-19488 MISC |
wordpress -- wordpress |
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_employer_ajax_profile() function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users. | 2019-03-21 | not yet calculated | CVE-2018-19487 MISC |
wordpress -- wordpress |
cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. | 2019-03-21 | not yet calculated | CVE-2019-7441 MISC |
wordpress -- wordpress |
The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS. | 2019-03-21 | not yet calculated | CVE-2019-9911 FULLDISC MISC MISC |
wordpress -- wordpress |
A stored cross-site scripting (XSS) vulnerability in the submit_ticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the subject parameter in wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/ajax/submit_ticket.php. | 2019-03-21 | not yet calculated | CVE-2019-7299 MISC MISC MISC |
wordpress -- wordpress |
The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS. | 2019-03-21 | not yet calculated | CVE-2019-9909 FULLDISC MISC MISC MISC |
wordpress -- wordpress |
The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS. | 2019-03-21 | not yet calculated | CVE-2019-9910 FULLDISC MISC MISC |
wso2 -- api_manager |
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product. | 2019-03-21 | not yet calculated | CVE-2018-20736 CONFIRM CONFIRM MISC |
wso2 -- api_manager |
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product. | 2019-03-21 | not yet calculated | CVE-2018-20737 CONFIRM CONFIRM MISC |
xnview -- xnview_classic |
XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x385399. | 2019-03-23 | not yet calculated | CVE-2019-9969 MISC |
xnview -- xnview_classic |
XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x38536c. | 2019-03-23 | not yet calculated | CVE-2019-9966 MISC |
xnview -- xnview_classic |
XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlPrefixUnicodeString. | 2019-03-23 | not yet calculated | CVE-2019-9967 MISC |
xnview -- xnview_classic |
XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlQueueWorkItem. | 2019-03-23 | not yet calculated | CVE-2019-9968 MISC |
xnview -- xnview_mp |
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporaryKey. | 2019-03-23 | not yet calculated | CVE-2019-9964 MISC |
xnview -- xnview_mp |
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlReAllocateHeap. | 2019-03-23 | not yet calculated | CVE-2019-9965 MISC |
xnview -- xnview_mp |
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap. | 2019-03-23 | not yet calculated | CVE-2019-9963 MISC |
xnview -- xnview_mp |
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy. | 2019-03-23 | not yet calculated | CVE-2019-9962 MISC |
xpdf -- xpdf |
There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-03-21 | not yet calculated | CVE-2019-9878 MISC MISC |
xpdf -- xpdf |
There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-03-21 | not yet calculated | CVE-2019-9877 MISC MISC |
yast -- yast2-multipath |
In yast2-multipath before version 4.1.1, a static temporary filename allows local attackers to overwrite files on systems without symlink protection. | 2019-03-15 | not yet calculated | CVE-2018-17955 CONFIRM |
ysoft -- safeq_server |
YSoft SafeQ Server 6 allows a replay attack. | 2019-03-21 | not yet calculated | CVE-2018-15498 MISC |
yubico -- libu2f-host |
Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey. | 2019-03-21 | not yet calculated | CVE-2018-20340 CONFIRM MISC MISC CONFIRM |
zoho_manageengine -- adselfservice_plus |
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data. | 2019-03-21 | not yet calculated | CVE-2019-7161 MISC CONFIRM |
zyxel -- vmg3312-b10b_dsl-491hnu-b1b_modem |
ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF. | 2019-03-21 | not yet calculated | CVE-2019-7391 MISC MISC EXPLOIT-DB MISC |
This product is provided subject to this Notification and this Privacy & Use policy.
from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/bulletins/SB19-084