jell.ie CVEs

Read at: 2019-03-22T13:16:58+00:00

CVE-2019-9923

pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.

Source: National Vulnerability Database | 22 Mar 2019 | 8:29 am GMT

CVE-2019-9924

rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.

Source: National Vulnerability Database | 22 Mar 2019 | 8:29 am GMT

CVE-2019-9927

Caret before 2019-02-22 allows Remote Code Execution.

Source: National Vulnerability Database | 22 Mar 2019 | 8:29 am GMT

CVE-2019-9936

In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.

Source: National Vulnerability Database | 22 Mar 2019 | 8:29 am GMT

CVE-2019-9938

The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to download arbitrary files from the device including contacts, photos, videos, sound clips, etc. The attacker must be authenticated as a "recognized device."

Source: National Vulnerability Database | 22 Mar 2019 | 8:29 am GMT

CVE-2019-9937

In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.

Source: National Vulnerability Database | 22 Mar 2019 | 8:29 am GMT

CVE-2019-9939

The SHAREit application before 4.0.36 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to bypass authentication by trying to fetch a non-existing page. When the non-existing page is requested, the application responds with a 200 status code and empty page, and adds the requesting client device into the list of recognized devices.

Source: National Vulnerability Database | 22 Mar 2019 | 8:29 am GMT

CVE-2019-9925

S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter.

Source: National Vulnerability Database | 22 Mar 2019 | 8:29 am GMT

CVE-2019-9908

The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php manage_font_id XSS.

Source: National Vulnerability Database | 22 Mar 2019 | 12:29 am GMT

CVE-2019-9915

GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter.

Source: National Vulnerability Database | 22 Mar 2019 | 12:29 am GMT

CVE-2019-9914

The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes poll_id XSS.

Source: National Vulnerability Database | 22 Mar 2019 | 12:29 am GMT

CVE-2019-9913

The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS.

Source: National Vulnerability Database | 22 Mar 2019 | 12:29 am GMT

CVE-2019-9909

The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS.

Source: National Vulnerability Database | 22 Mar 2019 | 12:29 am GMT

CVE-2019-9910

The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS.

Source: National Vulnerability Database | 22 Mar 2019 | 12:29 am GMT

CVE-2019-9911

The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS.

Source: National Vulnerability Database | 22 Mar 2019 | 12:29 am GMT

CVE-2019-9912

The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO.

Source: National Vulnerability Database | 22 Mar 2019 | 12:29 am GMT

CVE-2018-18913

Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target. Once the document is opened, it may allow the attacker to take full control of the system from any location within the system. The issue lies in the loading of the shcore.dll and dcomp.dll files: these files are being searched for by the program in the same system-wide directory where the HTML file is executed.

Source: National Vulnerability Database | 21 Mar 2019 | 10:29 pm GMT

CVE-2018-20032

A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down.

Source: National Vulnerability Database | 21 Mar 2019 | 9:29 pm GMT

CVE-2018-20031

A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down.

Source: National Vulnerability Database | 21 Mar 2019 | 9:29 pm GMT

CVE-2019-3871

A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. Insufficient validation of data coming from the user when building an HTTP request from a DNS query in the HTTP Connector of the Remote backend allows a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response.

Source: National Vulnerability Database | 21 Mar 2019 | 9:29 pm GMT

CVE-2019-3858

An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises an SSH server may be able to cause a Denial of Service or read data in the client memory.

Source: National Vulnerability Database | 21 Mar 2019 | 9:29 pm GMT

CVE-2019-3855

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server.

Source: National Vulnerability Database | 21 Mar 2019 | 9:29 pm GMT

CVE-2018-20034

A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down.

Source: National Vulnerability Database | 21 Mar 2019 | 9:29 pm GMT

CVE-2019-7539

A code injection issue was discovered in ipycache through 2016-05-31.

Source: National Vulnerability Database | 21 Mar 2019 | 9:29 pm GMT

CVE-2019-8351

Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate.

Source: National Vulnerability Database | 21 Mar 2019 | 9:29 pm GMT

CVE-2019-7537

An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collect_yaml method in config_obj.py. It can execute arbitrary Python commands, resulting in command execution.

Source: National Vulnerability Database | 21 Mar 2019 | 8:29 pm GMT

CVE-2015-6457

Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.

Source: National Vulnerability Database | 21 Mar 2019 | 8:29 pm GMT

CVE-2015-6458

Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.

Source: National Vulnerability Database | 21 Mar 2019 | 8:29 pm GMT

CVE-2015-6462

Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains JavaScript that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser.

Source: National Vulnerability Database | 21 Mar 2019 | 7:29 pm GMT

CVE-2018-13798

A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the web server. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/TCP or 443/TCP. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the web server. A system reboot is required to recover the web service of the device. At the time of advisory update, exploit code for this security vulnerability is public.

Source: National Vulnerability Database | 21 Mar 2019 | 7:29 pm GMT

CVE-2015-6461

Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via JavaScript loaded with the web page.

Source: National Vulnerability Database | 21 Mar 2019 | 7:29 pm GMT

CVE-2019-5490

Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY.

Source: National Vulnerability Database | 21 Mar 2019 | 7:29 pm GMT

CVE-2019-9904

An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.

Source: National Vulnerability Database | 21 Mar 2019 | 6:29 pm GMT

CVE-2019-8997

An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering maliciously crafted XML in an existing field.

Source: National Vulnerability Database | 21 Mar 2019 | 6:29 pm GMT

CVE-2019-9903

PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.

Source: National Vulnerability Database | 21 Mar 2019 | 6:29 pm GMT

CVE-2019-7238

Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.

Source: National Vulnerability Database | 21 Mar 2019 | 5:29 pm GMT

CVE-2018-3968

An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy image format. To trigger this vulnerability, a local attacker needs to be able to supply the image to boot.

Source: National Vulnerability Database | 21 Mar 2019 | 5:29 pm GMT

CVE-2017-16255

An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request. At 0x9d014e84, the value for the cmd1 key is copied using strcpy to the buffer at $sp+0x280. This buffer is 16 bytes large.

Source: National Vulnerability Database | 21 Mar 2019 | 5:29 pm GMT

CVE-2017-16254

An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request. At 0x9d014e4c, the value for the flg key is copied using strcpy to the buffer at $sp+0x270. This buffer is 16 bytes large; sending anything longer will cause a buffer overflow.

Source: National Vulnerability Database | 21 Mar 2019 | 5:29 pm GMT

CVE-2017-16253

An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012 for the cc channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request. At 0x9d014dd8, the value for the id key is copied using strcpy to the buffer at $sp+0x290. This buffer is 32 bytes large; sending anything longer will cause a buffer overflow.

Source: National Vulnerability Database | 21 Mar 2019 | 5:29 pm GMT

CVE-2019-6491

RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection.

Source: National Vulnerability Database | 21 Mar 2019 | 4:29 pm GMT

CVE-2018-4011

An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the "RDLENGTH" value is handled incorrectly, leading to an out-of-bounds access that crashes the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.

Source: National Vulnerability Database | 21 Mar 2019 | 4:29 pm GMT

CVE-2018-3963

An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into the dhcpd.conf file without prior sanitization, allowing for arbitrary execution of system commands. To trigger this vulnerability, an attacker can send a DHCP request message and set up the corresponding static DHCP entry.

Source: National Vulnerability Database | 21 Mar 2019 | 4:29 pm GMT

CVE-2018-3985

An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a memory space is freed twice if an invalid query name is encountered, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.

Source: National Vulnerability Database | 21 Mar 2019 | 4:29 pm GMT

CVE-2018-4003

An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.

Source: National Vulnerability Database | 21 Mar 2019 | 4:29 pm GMT

CVE-2018-4030

An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The "Host" header is incorrectly extracted from captured HTTP requests, which would allow an attacker to visit any malicious websites and bypass the firewall. An attacker could send an HTTP request to exploit this vulnerability.

Source: National Vulnerability Database | 21 Mar 2019 | 4:29 pm GMT

CVE-2018-3969

An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file, that persist across reboots and firmware updates, and thus allow for executing unverified commands. To trigger this vulnerability, a local attacker needs to be able to write into /config/dhcpd.conf.

Source: National Vulnerability Database | 21 Mar 2019 | 4:29 pm GMT

CVE-2019-9897 (putty)

Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-9837

Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the 'openid' scope and a prompt=none value. This allows phishing attacks against the authorization flow.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-9895 (putty)

In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-9898 (putty)

Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-9893

libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might lead to bypassing seccomp filters and potential privilege escalations.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-9896 (putty)

In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-9867

An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-9878

There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-9870

plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-9877

There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-9868

An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-9894 (putty)

A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-9857

In the Linux kernel through 5.0.2, the function inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c neglects to call fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), which will cause a memory leak (aka refcount leak). Finally, this will cause a denial of service.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-9889

In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-9094

A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in /s/adada/cfiles/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing JavaScript in the filename is echoed back in JavaScript code, which resulted in XSS.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-8938

VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-9083

SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is discontinued.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-9093

A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in file/file/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing a JavaScript payload in the filename parameter is echoed back, which resulted in reflected XSS.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-8934

hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7437

PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected Cross-Site Scripting (XSS) via the Search field.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7431

PHP Scripts Mall Image Sharing Script 1.3.4 has directory traversal via a direct request for a listing of an uploads directory.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7421

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7429

PHP Scripts Mall Property Rental Software 2.1.4 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2016/08 directory.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7430

PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the Search Bar.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7433

PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7438

cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7425

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7435

PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected HTML injection via the Search Form.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7436

PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory traversal via a direct request for a listing of an uploads directory.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7439

cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang) via the mask POST parameter.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7441

cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7424

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. The latter is related to CVE-2009-3903.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7423

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7422

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7434

PHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7432

PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the STREET field in the Profile Edit section.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7440

JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi).

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7419

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7420

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.application/information/networkinformationView.sws" in the tabName parameter.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7391

ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7417

XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple parameters in the "/cgi-bin/alexserv" servlet, as demonstrated by the DB, FN, fn, or id parameter.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7418

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7386

A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to remote code execution on the device.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7416

XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in "/webtop/help/en/default.htm" is vulnerable.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7299

A stored cross-site scripting (XSS) vulnerability in the submit_ticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the subject parameter in wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/ajax/submit_ticket.php.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7383

An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1_TRUNK-20181105.bin. A shell command injection occurs by editing the description of an ISP file. The file network/isp/isp_update_edit.php does not properly validate user input, which leads to shell command injection via the des parameter.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7385

An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below. The values of the newpass and confpass parameters in /bin/WebMGR are used in a system call in the firmware. Because there is no user input validation, this leads to authenticated code execution on the device.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7222

The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7384

An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below. The value of the fmgpon_loid parameter is used in a system call inside the boa binary. Because there is no user input validation, this leads to authenticated code execution on the device.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-7223

InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save invoice_password parameter, aka the "PDF password" field to the "Create Invoice" option. The XSS payload is rendered at an index.php/invoices/view/## URI. NOTE: this is different from CVE-2018-12255.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-6778

In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-6735 (phantompdf, reader)

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7355.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT

CVE-2019-6973

Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds.

Source: National Vulnerability Database | 21 Mar 2019 | 4:01 pm GMT
