Security News

CVE-2019-1577 (traps)

National Vulnerability Database - Mon, 07/01/2019 - 15:15
Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML.
Categories: Security News

CVE-2019-1578 (minemeld)

National Vulnerability Database - Mon, 07/01/2019 - 15:15
Cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and earlier may allow a remote attacker, able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI, to execute arbitrary JavaScript code in the admin's browser.

CVE-2019-7279 (enterprise, proton)

National Vulnerability Database - Mon, 07/01/2019 - 15:15
Optergy Proton/Enterprise devices have Hard-coded Credentials.

CVE-2019-7280

National Vulnerability Database - Mon, 07/01/2019 - 15:15
Prima Systems FlexAir devices have an Insufficient Session-ID Length.

CVE-2019-7281

National Vulnerability Database - Mon, 07/01/2019 - 15:15
Prima Systems FlexAir devices allow Cross-Site Request Forgery (CSRF).

CVE-2019-7666

National Vulnerability Database - Mon, 07/01/2019 - 15:15
Prima Systems FlexAir devices allow authentication with MD5 hashes directly.

CVE-2019-7667

National Vulnerability Database - Mon, 07/01/2019 - 15:15
Prima Systems FlexAir devices allow unauthenticated download of the database configuration backup due to a predictable name, resulting in authentication bypass (a login authenticated with the MD5 hash of any user found in the database).

CVE-2019-7668

National Vulnerability Database - Mon, 07/01/2019 - 15:15
Prima Systems FlexAir devices have Default Credentials.

CVE-2019-7669

National Vulnerability Database - Mon, 07/01/2019 - 15:15
Prima Systems FlexAir devices allow Unauthenticated Command Injection resulting in Root Remote Code Execution.

CVE-2019-7670

National Vulnerability Database - Mon, 07/01/2019 - 15:15
Prima Systems FlexAir devices allow Authenticated Command Injection resulting in Root Remote Code Execution.

CVE-2019-12826

National Vulnerability Database - Mon, 07/01/2019 - 14:15
A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are attached to widgets and then eval'd to dynamically determine their visibility) by crafting a malicious POST request that tricks administrators into adding the code.

CVE-2016-5235

National Vulnerability Database - Mon, 07/01/2019 - 12:15
A Cross Site Scripting (XSS) vulnerability in versions of F5 WebSafe Dashboard 3.9.x and earlier, aka F5 WebSafe Alert Server, allows an unauthenticated user to inject HTML via a crafted alert.

CVE-2016-5236

National Vulnerability Database - Mon, 07/01/2019 - 12:15
Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe Dashboard 3.9.5 and earlier, aka F5 WebSafe Alert Server, allow privileged authenticated users to inject arbitrary web script or HTML when creating a new user, account or signature.

CVE-2019-13131

National Vulnerability Database - Mon, 07/01/2019 - 12:15
Super Micro SuperDoctor 5, when restrictions are not implemented in agent.cfg, allows remote attackers to execute arbitrary commands via NRPE.

CVE-2019-4357

National Vulnerability Database - Mon, 07/01/2019 - 11:15
When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary code on the system. IBM X-Force ID: 161667.

CVE-2019-4383

National Vulnerability Database - Mon, 07/01/2019 - 11:15
When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. IBM X-Force ID: 162165.

CVE-2019-4386

National Vulnerability Database - Mon, 07/01/2019 - 11:15
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714.

CVE-2019-4410

National Vulnerability Database - Mon, 07/01/2019 - 11:15
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162657.

CVE-2019-4101

National Vulnerability Database - Mon, 07/01/2019 - 11:15
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash. IBM X-Force ID: 158091.

CVE-2019-4102

National Vulnerability Database - Mon, 07/01/2019 - 11:15
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092.