News aggregator

Vuln: Yokogawa Vnet/IP Open Communication Driver CVE-2018-16196 Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Sat, 12/21/2019 - 00:00
Yokogawa Vnet/IP Open Communication Driver CVE-2018-16196 Denial of Service Vulnerability
Categories: Security News

Vuln: Foreman CVE-2018-14664 Multiple HTML Injection Vulnerabilities

SecurityFocus Vulnerabilities - Thu, 10/10/2019 - 00:00
Foreman CVE-2018-14664 Multiple HTML Injection Vulnerabilities
Categories: Security News

CVE-2019-16695

National Vulnerability Database - Sun, 09/22/2019 - 11:15
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used.
Categories: Security News

CVE-2019-16696

National Vulnerability Database - Sun, 09/22/2019 - 11:15
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used.
Categories: Security News

CVE-2018-21018

National Vulnerability Database - Sun, 09/22/2019 - 11:15
Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions.
Categories: Security News

CVE-2019-16692

National Vulnerability Database - Sun, 09/22/2019 - 11:15
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.
Categories: Security News

CVE-2019-16693

National Vulnerability Database - Sun, 09/22/2019 - 11:15
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.
Categories: Security News

CVE-2019-16694

National Vulnerability Database - Sun, 09/22/2019 - 11:15
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used.
Categories: Security News

CVE-2019-16680

National Vulnerability Database - Sat, 09/21/2019 - 17:15
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.
Categories: Security News

CVE-2019-16681

National Vulnerability Database - Sat, 09/21/2019 - 17:15
The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to file disclosure and XSS.
Categories: Security News

CVE-2019-16677

National Vulnerability Database - Sat, 09/21/2019 - 16:15
An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF.
Categories: Security News

CVE-2019-16678

National Vulnerability Database - Sat, 09/21/2019 - 16:15
admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route.
Categories: Security News

CVE-2019-16679

National Vulnerability Database - Sat, 09/21/2019 - 16:15
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.
Categories: Security News

CVE-2019-16669

National Vulnerability Database - Sat, 09/21/2019 - 15:15
The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts.
Categories: Security News

CVE-2019-16656

National Vulnerability Database - Sat, 09/21/2019 - 14:15
joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database.
Categories: Security News

CVE-2019-16657

National Vulnerability Database - Sat, 09/21/2019 - 14:15
TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/.
Categories: Security News

CVE-2019-16658

National Vulnerability Database - Sat, 09/21/2019 - 14:15
TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF.
Categories: Security News

CVE-2019-16659

National Vulnerability Database - Sat, 09/21/2019 - 14:15
TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF.
Categories: Security News

CVE-2019-16660

National Vulnerability Database - Sat, 09/21/2019 - 14:15
joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF.
Categories: Security News

CVE-2019-16661

National Vulnerability Database - Sat, 09/21/2019 - 14:15
Ogma CMS 0.5 has XSS via creation of a new blog.
Categories: Security News
