3641 matches found
CVE-2015-9450
Summary: The plugmatter-optin-feature-box-lite WordPress plugin is affected by an SQL injection vulnerability in versions before 2.0.14, exploitable via the pmfb_tid parameter of wp-admin/admin-ajax.php?action=pmfb_cc. This is documented across CVE/NVD records and corroborated by other datab...
Exploit for OS Command Injection in Compal Ch7465Lg_Firmware
Connect Box CH7465LG CVE-2019-13025 Information This rep...
October 1, 2019, update for Office 2016 (KB4475585)
This article describes update 4475585 for Microsoft Office 2016 that was released on October 1, 2019. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply t...
PT-2019-11795 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.196 and earlier, LTS versions 2.176.3 and earlier Description: The issue concerns a stored XSS vulnerability. It occurs because the f:expandableTextBox form control interprets its content as HTML when expanded. This can be...
GPAC Buffer Overflow Vulnerability (CNVD-2019-40502)
GPAC is a multimedia framework for rich media and distributed under the LGPL license. A heap buffer overflow vulnerability exists in audiosampleentryAddBox in isomedia/boxcodebase.c in GPAC 0.7.1. An attacker could exploit this vulnerability via specially crafted files to cause a denial of servic...
GPAC Memory Leakage Vulnerability
GPAC is a multimedia framework for rich media and distributed under the LGPL license. A memory leak vulnerability exists in dinfRead in isomedia/boxcodebase.c in GPAC 0.7.1. No detailed vulnerability details are provided at this time...
DEBIAN-CVE-2018-21016
audiosampleentryAddBox at isomedia/boxcodebase.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file...
UBUNTU-CVE-2018-21017
GPAC 0.7.1 has a memory leak in dinfRead in isomedia/boxcodebase.c...
CVE-2019-6005
Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations on the device without user's intent, such as installing arbitrary software or changing the device settings via Android Debug Bridge port 5555/TCP...
Authentication flaw
Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations on the device without user's intent, such as installing arbitrary software or changing the device settings via Android Debug Bridge port 5555/TCP...
poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function...
Limesurvey cross-site scripting vulnerability (CNVD-2019-31355)
Limesurvey is an open source online questionnaire program with multiple functions such as questionnaire design, modification, release, recovery and statistics. A stored cross-site scripting vulnerability exists in Limesurvey versions prior to 3.17.14. An attacker can exploit this vulnerability to...
CVE-2019-16178
A stored cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows authenticated users with correct permissions to inject arbitrary web script or HTML via titles of admin box buttons on the home page...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows authenticated users with correct permissions to inject arbitrary web script or HTML via titles of admin box buttons on the home page...
MGASA-2019-0236 Updated ghostscript packages fix security vulnerability
Updated ghostscript packages fix security vulnerability: It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate...
Updated ghostscript packages fix security vulnerability
Updated ghostscript packages fix security vulnerability: It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate...
CVE-2019-15497
Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH, HTTP, HTTPS, and FTP...
Default credentials
Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH, HTTP, HTTPS, and FTP...