News aggregator

CVE-2019-15137

National Vulnerability Database - Sun, 08/18/2019 - 12:15
The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings (instead of the permission expressions themselves), which can lead to unintended connections between participants in a Data Distribution Service (DDS) network.
Categories: Security News

CVE-2019-15132

National Vulnerability Database - Sat, 08/17/2019 - 14:15
Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php.
Categories: Security News

CVE-2019-15133

National Vulnerability Database - Sat, 08/17/2019 - 14:15
In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.
Categories: Security News

CVE-2019-15134

National Vulnerability Database - Sat, 08/17/2019 - 14:15
RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to _receive in sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloop.c upon receiving an ACK before a SYN.
Categories: Security News

CVE-2019-14937

National Vulnerability Database - Sat, 08/17/2019 - 13:15
REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data.
Categories: Security News

CVE-2019-13069

National Vulnerability Database - Sat, 08/17/2019 - 13:15
extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The attacker must replace SilverShield.config.sqlite with a version containing an additional user account, and then use SSH and port forwarding to reach a 127.0.0.1 service.
Categories: Security News

CVE-2019-15113

National Vulnerability Database - Fri, 08/16/2019 - 17:15
The companion-sitemap-generator plugin before 3.7.0 for WordPress has CSRF.
Categories: Security News

CVE-2019-15114

National Vulnerability Database - Fri, 08/16/2019 - 17:15
The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF.
Categories: Security News

CVE-2019-15115

National Vulnerability Database - Fri, 08/16/2019 - 17:15
The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF.
Categories: Security News

CVE-2019-15116

National Vulnerability Database - Fri, 08/16/2019 - 17:15
The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging.
Categories: Security News

CVE-2017-18547

National Vulnerability Database - Fri, 08/16/2019 - 17:15
The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms.
Categories: Security News

CVE-2018-20971

National Vulnerability Database - Fri, 08/16/2019 - 17:15
The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan.
Categories: Security News

CVE-2018-20972

National Vulnerability Database - Fri, 08/16/2019 - 17:15
The companion-auto-update plugin before 3.2.1 for WordPress has CSRF.
Categories: Security News

CVE-2018-20973

National Vulnerability Database - Fri, 08/16/2019 - 17:15
The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion.
Categories: Security News

CVE-2018-20974

National Vulnerability Database - Fri, 08/16/2019 - 17:15
The js-jobs plugin before 1.0.7 for WordPress has CSRF.
Categories: Security News

CVE-2014-10376

National Vulnerability Database - Fri, 08/16/2019 - 17:15
The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection.
Categories: Security News

CVE-2015-9322

National Vulnerability Database - Fri, 08/16/2019 - 17:15
The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF.
Categories: Security News

CVE-2015-9323

National Vulnerability Database - Fri, 08/16/2019 - 17:15
The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.
Categories: Security News

CVE-2015-9324

National Vulnerability Database - Fri, 08/16/2019 - 17:15
The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection.
Categories: Security News

CVE-2017-18541

National Vulnerability Database - Fri, 08/16/2019 - 17:15
The xo-security plugin before 1.5.3 for WordPress has XSS.
Categories: Security News

Pages