
575 matches found

CNVD
added 2020/03/12 12:0 a.m. | 1 views

Microsoft Windows CSC Service Privilege Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, U.S.A. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. Windows CSC Service is one of the offline file storage services. An elevation of...

CVSS 7.8 | AI score 7.4 | EPSS 0.00521
Exploits: 0 | References: 1

Positive Technologies
added 2020/03/06 12:0 a.m. | 4 views

PT-2020-2203

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine Desktop Central versions prior to 10.0.474 Description The issue is related to the deserialization of untrusted data in the getChartImage method of the FileStorage class, which is associated with the CewolfServlet and...

CVSS 10 | AI score 7.8 | EPSS 0.94248
Exploits: 6 | References: 23

Microsoft KB
added 2020/01/14 8:0 a.m. | 123 views

January 14, 2020—KB4534306 (OS Build 10240.18453)

January 14, 2020—KB4534306 OS Build 10240.18453 For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. Highlights Updates to improve security when storing and managing files. Updates to impro...

CVSS 10 | AI score 7.4 | EPSS 0.94093
Exploits: 24

OpenVAS
added 2020/01/09 12:0 a.m. | 18 views

openSUSE: Security Advisory for nfs-utils (openSUSE-SU-2019:2435-1)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 10 | AI score 9.6 | EPSS 0.00336
Exploits: 0 | References: 2

CNVD
added 2019/11/29 12:0 a.m. | 0 views

File upload vulnerability in MyUPB ad***_ic***.php file

MyUPB is a database-free forum that uses text files to store data. A file upload vulnerability exists in the MyUPB adic.php file. This allows an attacker to upload a webshell and gain server privileges...

AI score 7.2
Exploits: 0

CNVD
added 2019/11/08 12:0 a.m. | 1 views

Magento File Upload Vulnerability

Magento is an open source PHP e-commerce system from the U.S. company Magento. A file upload vulnerability exists in Magento. An attacker can use this vulnerability to manipulate the synchronization function in the database's Media File Storage to convert uploaded JPEG files to PHP files...

CVSS 4.9 | AI score 7.1 | EPSS 0.00241
Exploits: 0 | References: 1

RedHat Linux
added 2019/11/06 4:43 p.m. | 1 views

chromium-browser: File storage disclosure

Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application...

CVSS 5.5 | AI score 7.3 | EPSS 0.00189
Exploits: 0 | References: 5

OSV
added 2019/11/06 12:15 a.m. | 16 views

CVE-2019-8140

An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the Media File Storage of the database to transform uploaded JPEG file into a PHP file...

CVSS 4.9 | AI score 6.6
Exploits: 0 | References: 1

NVD
added 2019/11/06 12:15 a.m. | 11 views

CVE-2019-8140

An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the Media File Storage of the database to transform uploaded JPEG file into a PHP file...

CVSS 4.9 | AI score 5 | EPSS 0.00241
Exploits: 0 | References: 1

Prion
added 2019/11/06 12:15 a.m. | 14 views

Unrestricted file upload

An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the Media File Storage of the database to transform uploaded JPEG file into a PHP file...

CVSS 4 | AI score 5 | EPSS 0.00241
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2019/11/04 12:0 a.m. | 46 views

openSUSE Security Update : chromium / re2 (openSUSE-2019-2420)

This update for chromium, re2 fixes the following issues : Chromium was updated to 78.0.3904.70 boo1154806 : - CVE-2019-13699: Use-after-free in media - CVE-2019-13700: Buffer overrun in Blink - CVE-2019-13701: URL spoof in navigation - CVE-2019-13702: Privilege elevation in Installer -...

CVSS 8.8 | AI score 7.2 | EPSS 0.0065
Exploits: 1 | References: 22

OPENSUSE Linux
added 2019/11/03 12:0 a.m. | 136 views

Security update for chromium, re2 (important)

openSUSE Security Update: Security update for chromium, re2 Announcement ID: openSUSE-SU-2019:2425-1 Rating: important References: 1154806 Cross-References: CVE-2019-13699 CVE-2019-13700 CVE-2019-13701 CVE-2019-13702 CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-13706 CVE-2019-13707...

CVSS 8.8 | AI score 8 | EPSS 0.0065
Exploits: 1 | References: 1

OPENSUSE Linux
added 2019/11/02 12:0 a.m. | 188 views

Security update for chromium, re2 (important)

openSUSE Security Update: Security update for chromium, re2 Announcement ID: openSUSE-SU-2019:2420-1 Rating: important References: 1154806 Cross-References: CVE-2019-13699 CVE-2019-13700 CVE-2019-13701 CVE-2019-13702 CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-13706 CVE-2019-13707...

CVSS 8.8 | AI score 8 | EPSS 0.0065
Exploits: 1 | References: 1

Kaspersky
added 2019/10/30 12:0 a.m. | 49 views

KLA11714 Multiple vulnerabilities in Opera

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, cause denial of service. Below is a complete list of vulnerabilities: 1. Cross-origin data leak vulnerability can be exploited to arbitrary code executio...

CVSS 8.8 | AI score 9.3 | EPSS 0.0065
Exploits: 1 | References: 5

Tenable Nessus
added 2019/10/25 12:0 a.m. | 22 views

SUSE SLED15 / SLES15 Security Update : nfs-utils (SUSE-SU-2019:2776-1)

This update for nfs-utils fixes the following issues : CVE-2019-3689: Fixed root-owned files stored in insecure /var/lib/nfs. bsc1150733 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automaticall...

CVSS 10 | AI score 7.6 | EPSS 0.00336
Exploits: 0 | References: 4

OpenVAS
added 2019/10/24 12:0 a.m. | 39 views

Google Chrome Security Updates (stable-channel-update-for-desktop_22-2019-10) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

CVSS 8.8 | AI score 6.9 | EPSS 0.0065
Exploits: 1 | References: 1

Kaspersky
added 2019/10/22 12:0 a.m. | 87 views

KLA11588 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerability in media can be exploited to arbitrary code execution; 2. Buffer overrun vulnerability in...

CVSS 8.8 | AI score 8.7 | EPSS 0.0065
Exploits: 1 | References: 4

Prion
added 2019/09/18 4:15 p.m. | 10 views

Design/Logic Flaw

An issue was discovered in the secure portal in Publisure 2.1.2. Once successfully authenticated as an administrator, one is able to inject arbitrary PHP code by using the adminCons.php form. The code is then stored in the E:\PUBLISURE\webservice\webpages\AdminDir\Templates\ folder even if remove...

CVSS 6.5 | AI score 7.4 | EPSS 0.00995
Exploits: 2 | References: 1 | Affected Software: 1

BDU FSTEC
added 2019/06/14 12:0 a.m. | 0 views

The vulnerability of the eLearning Server 4G system in terms of access control deficiencies allows an intruder to gain access to the user’s file storage.

The vulnerability of the eLearning Server 4G system for managing learning and development is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain access to the user’s file storage by replacing the parameters of the current user’s identifie...

CVSS 4.3 | AI score 5.4
Exploits: 0 | Affected Software: 1

OSV
added 2019/06/03 7:29 p.m. | 1 views

CVE-2019-6754

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 | AI score 7.5
Exploits: 0 | References: 2