FreeBSD : MySQL -- Multiple vulnerabilities (a6cf65ad-37d2-11ea-a1c7-b499baebfeaf)
Oracle reports: This Critical Patch Update contains 17 new security fixes for Oracle MySQL. 5 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. (C) Tenable Network Security, Inc. The descriptive te...
OSIsoft PI Vision
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: OSIsoft LLC Equipment: PI Vision Vulnerabilities: Improper Access Control, Cross-site Request Forgery (CSRF), Cross-site Scripting, Inclusion of Sensitive Information in Log Files 2. RISK EVALUATION...
OpenBSD Multiple Authentication Vulnerabilities
Multiple authentication vulnerabilities in OpenBSD have been disclosed by Qualys Research Labs. The vulnerabilities are assigned the following CVEs: CVE-2019-19522, CVE-2019-19521, CVE-2019-19520, CVE-2019-19519. OpenBSD developers have confirmed the vulnerabilities and also provided a quick response...
FreeBSD : MySQL -- Multiple vulnerabilities (fc91f2ef-fd7b-11e9-a1c7-b499baebfeaf)
Oracle reports: This Critical Patch Update contains 31 new security fixes for Oracle MySQL. 6 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. (C) Tenable Network Security, Inc. The descriptive te...
VMware VeloCloud 3.3.0 / 3.2.2 Authorization Bypass Vulnerability
Exploit for linux platform in category web applications Product: VeloCloud Vendor: VMware CVE ID: CVE-2019-5533 CSNC ID: CSNC-2019-007 Subject: Authorization Bypass Risk: Moderate Effect: Remotely exploitable CVSS v3.1 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Author: Silas Bärtsch Date:...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 31 new security fixes for Oracle MySQL. 6 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
Micro Focus Filr 3.4.0.217 Path Traversal / Privilege Escalation Vulnerabilities
Micro Focus Filr version 3.4.0.217 suffers from privilege escalation and path traversal vulnerabilities. Micro Focus Filr Multiple Vulnerabilities 1. Advisory Information Title: Micro Focus Filr Multiple Vulnerabilities Advisory ID: SAUTH-2019-0001 Advisory URL:...
D-Link Central WiFiManager Software Controller 1.03 - Multiple Vulnerabilities
D-Link Central WiFiManager Software Controller 1.03 - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ D-Link Central WiFiManager Software Controller Multiple Vulnerabilities 1. Advisory Information Title: D-Link Central WiFiManager Software Controller...
QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities
QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ QNAP Qcenter Virtual Appliance Multiple Vulnerabilities 1. Advisory Information Title: QNAP Qcenter Virtual Appliance Multiple Vulnerabilities Advisory ID: CORE-2018-0006...
AXON PBX 2.02 Cross Site Scripting
Aloha, 1. Introduction Vendor: NCH Software Affected Product: AXON PBX - 2.02 Vendor Website: http://www.nch.com.au/pbx/index.html Vulnerability Type: Reflected XSS Remote Exploitable: Yes CVE ID: CVE-2018-11552 2. Overview There is a reflected XSS vulnerability in AXON PBX Web interface. The...
Totemomail Encryption Gateway 6.0.0_Build_371 JSONP Hijacking
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: totemomail Encryption Gateway Vendor: totemo AG CSNC ID: CSNC-2018-002 CVE ID: CVE-2018-6562 Subject: JSONP hijacking Risk: High Effect: Remotely exploitable Author: Nicolas Heiniger Date: 14.05.2018...
ICSA-18-128-02 Siemens Siveillance VMS (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Siveillance Video Management Software (VMS) Vulnerability: Deserialization of Untrusted Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-128-02...
MikroTik RouterOS SMB Buffer Overflow
Advisory ID Internal CORE-2018-0003 1. Advisory Information Title: MikroTik RouterOS SMB Buffer Overflow Advisory ID: CORE-2018-0003 Advisory URL: https://www.coresecurity.com/core-labs/advisories/mikrotik-routeros-smb-buffer-overflow Date published: 2018-03-15 Date of last update: 2018-03-15...
Trend Micro Email Encryption Gateway XSS / Code Execution
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Trend Micro Email Encryption Gateway Multiple Vulnerabilities 1. Advisory Information Title: Trend Micro Email Encryption Gateway Multiple Vulnerabilities Advisory ID: CORE-2017-0006 Advisory URL:...
Yab Quarx 2.4.3 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications 1. Introduction Vendor : Yab Affected Product : Quarx through 2.4.3 Fixed in : Quarx 2.4.5 and 2.4.6 Vendor Website : https://quarxcms.com/ Vulnerability Type : Persistent XSS Remote Exploitable : Yes CVE External Identifier : CVE-2018-7274 2...
Radiant CMS 1.1.4 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications 1. Introduction Vendor : Radiant Affected Product : Radiant CMS 1.1.4 Fixed in : NA Vendor Website : http://radiantcms.org/ Vulnerability Type : Persistent XSS Remote Exploitable : Yes CVE External Identifier : CVE-2018-7261 2. Overview...
Radiant CMS 1.1.4 Cross Site Scripting
Introduction Vendor : Radiant Affected Product : Radiant CMS 1.1.4 Fixed in : NA Vendor Website : http://radiantcms.org/ Vulnerability Type : Persistent XSS Remote Exploitable : Yes CVE External Identifier : CVE-2018-7261 2. Overview Technical Description: There are multiple Persistent XSS...
Dell EMC Isilon OneFS XSS / Code Execution / CSRF
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Dell EMC Isilon OneFS Multiple Vulnerabilities 1. Advisory Information Title: Dell EMC Isilon OneFS Multiple Vulnerabilities Advisory ID: CORE-2017-0009 Advisory URL:...
Kaspersky Secure Mail Gateway 1.1.0.379 CSRF / Code Execution Vulnerabilities
Exploit for multiple platform in category remote exploits Kaspersky Secure Mail Gateway Multiple Vulnerabilities 1. Advisory Information Title: Kaspersky Secure Mail Gateway Multiple Vulnerabilities Advisory URL:...
Siemens Industrial Products (Update C)
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Industrial products Vulnerability: Improper Input Validation UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-339-01B Siemens Industrial Products that w...