[SECURITY] [DLA 1970-1] php5 security update
Package: php5; Version: 5.6.40+dfsg-0+deb8u7; CVE ID: CVE-2019-11043. Emil Lerner, beched and d90pwn found a buffer underflow in php5-fpm, a Fast Process Manager for the PHP language, which can lead to remote code execution. Instances are vulnerable depending on the web server configuration, in...
CVE-2019-17660
A cross-site scripting (XSS) vulnerability in admin/translate/translateheaderview.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/index/surveyid/336819/lang/ PATH_INFO...
Cross site scripting
A cross-site scripting (XSS) vulnerability in admin/translate/translateheaderview.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/index/surveyid/336819/lang/ PATH_INFO...
CVE-2019-16657
TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/...
Code injection
TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/...
CVE-2019-16321
ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO...
CVE-2019-16104
Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO...
CVE-2019-14472
Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO...
CVE-2019-12834
In HT2 Labs Learning Locker 3.15.1, it's possible to inject malicious HTML and JavaScript code into the DOM of the website via the PATH_INFO to the dashboards/ URI...
CVE-2019-12834
HT2 Labs Learning Locker 3.15.1 has a cross-site scripting (XSS) flaw allowing injection of HTML/JavaScript into the DOM via PATH_INFO to the dashboards/ URI. The vulnerability is documented across multiple CVE records in the connected set, with consistent description of DOM-based injection and l...
Cross-Site Scripting (XSS)
Geronimo is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the name, ip, username or description parameters in console/portal/Server/Monitoring, and PATH_INFO parameter to the default URI under console/portal/...
Design/Logic Flaw
An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection and an arbitrary log filename can be achieved via the PATH_INFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error...
CVE-2018-16386
SWIFT Alliance Web Platform 7.1.23 is affected. The issue is a log injection vulnerability where PATH_INFO to swp/login/EJBRemoteService/ can lead to arbitrary log filename and injection in error logs (null@java:comp/env/ error messages) as described in CVE-2018-16386 entries. The connected docum...
MantisBT 2.1.0 - 2.17.0 'View Filters' And 'Edit Filter' Pages XSS Vulnerability
MantisBT is prone to a cross-site-scripting (XSS) vulnerability.
CVE-2018-16514
A cross-site scripting (XSS) vulnerability in the View Filters page viewfilterspage.php and Edit Filter page managefiltereditpage.php in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code if CSP settings permit it through a crafted PATH_INFO. NOTE: this vulnerability exis...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the View Filters page viewfilterspage.php and Edit Filter page managefiltereditpage.php in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code if CSP settings permit it through a crafted PATH_INFO. NOTE: this vulnerability exis...
CVE-2018-17386
CVE-2018-17386 : The Joomla! Micro Deal Factory 2.4.0 component contains a SQL injection vulnerability via the id parameter or PATH_INFO routes (mydeals/ or listdeals/). Attackers could potentially execute arbitrary SQL commands against the underlying database. The description is consistently rep...
CVE-2018-17386
SQL Injection exists in the Micro Deal Factory 2.4.0 component for Joomla! via the id parameter, or the PATH_INFO to mydeals/ or listdeals/...