CVE-2020-5890
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace...
CVE-2020-12101
The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other users' stored addresses by manipulating an id field in the POST request for altering an address...
Information disclosure
The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other users' stored addresses by manipulating an id field in the POST request for altering an address...
CVE-2020-12101
Summary: CVE-2020-12101 affects xt:Commerce 5.1–6.2.2 and is an improper access-control flaw. A logged-in customer can manipulate the address management “id” in the POST request to alter or null other users’ addresses, potentially clearing all addresses in a shop. The root cause is insufficient a...
F5 Networks BIG-IP : BIG-IP QKView vulnerability (K03318649)
When creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace (CVE-2020-5890). Impact: The BIG-IP system may disclose sensitive information used for authentication with...
CVE-2019-16653
Genius Bytes Genius Server (Genius CDDS) 3.2.2 contains an elevation of privilege issue in the usrInternalUsrCRUD plugin. Remote authenticated users can gain administrator privileges. Documented across NVD and regional advisories; exploitation details and fixes are not provided in the supplied so...
A vulnerability in the BIG-IP Access Policy Manager’s access control and remote authentication mechanism, caused by errors in processing input data, allows attackers to trigger a service failure.
A vulnerability in the BIG-IP Access Policy Manager’s access control and remote authentication mechanisms is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
Vulnerabilities in the BIG-IP and BIG-IQ access control and remote authentication mechanisms, related to access control errors, allow attackers to escalate their privileges.
A vulnerability in the BIG-IP Access Policy Manager and BIG-IQ access control devices stems from access control errors. Exploiting this vulnerability can allow attackers to increase their privileges...
A vulnerability in BIG-IP’s access control and remote authentication mechanisms, related to errors in processing input data, allows attackers to trigger service interruptions.
A vulnerability in the BIG-IP access control and remote authentication mechanism is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...
CVE-2020-4430
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535. Recent assessments: Assessed Attacker...
CVE-2020-5350
Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords...
Wowza Streaming Engine Remote Authentication Authorization Bypass Vulnerability
Wowza Streaming Engine is a streaming media server software from Wowza Media Systems. The program supports live streaming, VOD, online video chat, and remote recording. A security vulnerability exists in version 4.7.8 build 20191105123929 of Wowza Streaming Engine. An attacker can exploit the...
CVE-2020-11731
The Media Library Assistant plugin before 2.82 for WordPress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute arbitrary JavaScript...
Denial of Service (DoS)
MySQL is vulnerable to denial of service. An unspecified vulnerability allows a remote authenticated user to cause a denial of service in the application...
Privilege Escalation
MySQL is vulnerable to privilege escalation. An unspecified vulnerability allows a remote authenticated user to gain privileged access to the application...
Path traversal
Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi...
Drupal 5.x < 5.11 / 6.x < 6.5 Multiple Vulnerabilities (SA-2008-060)
The version of Drupal running on the remote web server is 5.x prior to 5.11 or 6.x prior to 6.5. It is, therefore, affected by the following vulnerabilities: - The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote, authenticated users to bypass intended...
Privilege escalation
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users with minimal privileges to import custom vulnerable forms and change form settings via classrmformsettingscontroller.php, resulting in privilege escalation...
SQL injection
Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allow remote authenticated users to execute arbitrary SQL commands via (1) the tprojectid parameter to keywordsView.php; (2) the reqspecid parameter to reqSpecCompareRevisions.php; (3) the requirementid parameter to...
PT-2020-6867 · D-Link · DCH-M225
Name of the Vulnerable Software and Affected Versions: D-Link DCH-M225 versions 1.05b01 and earlier
Description: The issue is related to the lack of proper sanitization of special elements used in the operating system command when processing the media renderer parameter in the name string. This...