Security News

CVE-2019-8902

National Vulnerability Database - Mon, 02/18/2019 - 09:29
An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI.
Categories: Security News

Vuln: SolarWinds Orion Network Performance Monitor (NPM) CVE-2019-8917 Remote Code Execution Vulnerability

SecurityFocus Vulnerabilities - Mon, 02/18/2019 - 00:00
SolarWinds Orion Network Performance Monitor (NPM) CVE-2019-8917 Remote Code Execution Vulnerability
Categories: Security News

Vuln: Multiple F5 BIG-IP Products CVE-2018-15319 Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Mon, 02/18/2019 - 00:00
Multiple F5 BIG-IP Products CVE-2018-15319 Denial of Service Vulnerability
Categories: Security News

Vuln: Multiple Dasan GPON Routers Command Injection and Authentication Bypass Vulnerabilities

SecurityFocus Vulnerabilities - Mon, 02/18/2019 - 00:00
Multiple Dasan GPON Routers Command Injection and Authentication Bypass Vulnerabilities
Categories: Security News

CVE-2019-8423

National Vulnerability Database - Sun, 02/17/2019 - 19:29
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
Categories: Security News

CVE-2019-8424

National Vulnerability Database - Sun, 02/17/2019 - 19:29
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
Categories: Security News

CVE-2019-8425

National Vulnerability Database - Sun, 02/17/2019 - 19:29
includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.
Categories: Security News

CVE-2019-8426

National Vulnerability Database - Sun, 02/17/2019 - 19:29
skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.
Categories: Security News

CVE-2019-8427

National Vulnerability Database - Sun, 02/17/2019 - 19:29
daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.
Categories: Security News

CVE-2019-8428

National Vulnerability Database - Sun, 02/17/2019 - 19:29
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.
Categories: Security News

CVE-2019-8429

National Vulnerability Database - Sun, 02/17/2019 - 19:29
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter.
Categories: Security News

CVE-2019-8432

National Vulnerability Database - Sun, 02/17/2019 - 19:29
In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter.
Categories: Security News

CVE-2019-8433

National Vulnerability Database - Sun, 02/17/2019 - 19:29
JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/console/file/manage.php?type=list URI, as demonstrated by a .php file.
Categories: Security News

CVE-2019-8434

National Vulnerability Database - Sun, 02/17/2019 - 19:29
In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter.
Categories: Security News

CVE-2019-8435

National Vulnerability Database - Sun, 02/17/2019 - 19:29
admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header.
Categories: Security News

CVE-2019-8436

National Vulnerability Database - Sun, 02/17/2019 - 19:29
imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter.
Categories: Security News

CVE-2019-8419

National Vulnerability Database - Sun, 02/17/2019 - 17:29
VNote 2.2 has XSS via a new text note.
Categories: Security News

CVE-2019-8421

National Vulnerability Database - Sun, 02/17/2019 - 17:29
upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter.
Categories: Security News

CVE-2019-8422

National Vulnerability Database - Sun, 02/17/2019 - 17:29
A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php.
Categories: Security News

CVE-2019-7649

National Vulnerability Database - Sun, 02/17/2019 - 16:29
global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing.
Categories: Security News

Pages