Lucene search

84 matches found

OSV
added 2019/02/20 3:29 a.m., 8 views

DEBIAN-CVE-2019-8943

WordPress through 5.0.3 allows Path Traversal in wp_crop_image. An attacker who has privileges to crop an image can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring...

CVSS 6.5 | AI score 7 | EPSS 0.91985
Exploits: 9 | References: 1

OSV
added 2018/04/24 3:29 p.m., 1 view

CVE-2017-9656

The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevate...

CVSS 9.1 | AI score 5.8
Exploits: 0 | References: 3

RedHat Linux
added 2017/12/12 1:32 p.m., 3 views

mysql: Server: FTS unspecified vulnerability (CPU Oct 2017)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: FTS. Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS 4.9 | AI score 7.3 | EPSS 0.0245
Exploits: 0 | References: 5

CNVD
added 2015/02/10 12:0 a.m., 3 views

Drupal GD Infinite Scroll Module Cross-Site Request Forgery Vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. GD Infinite Scroll is one of the automatic paging modules used to automatically load the next page of content when scrolling a web page. A cross-site request forgery vulnerability exist...

CVSS 6.8 | AI score 7.1 | EPSS 0.00636
Exploits: 0 | References: 1