6727 matches found
CVE-2019-4133
CVE-2019-4133 affects IBM Cloud Automation Manager 3.1.2. The concurrent documents confirm a client-side attacker with access to the user’s machine could execute a custom script due to an insecure Content-Security-Policy header. Exploitation details are not provided beyond this, but the IBM secur...
PT-2019-16914 · Ibm · Ibm Cloud Automation Manager
Name of the Vulnerable Software and Affected Versions: IBM Cloud Automation Manager version 3.1.2 Description: The issue allows a malicious user on the client side, with access to the client computer, to run a custom script. Recommendations: For IBM Cloud Automation Manager version 3.1.2, conside...
SUSE-SU-2019:2231-1 Security update for libreoffice
This update for libreoffice fixes the following issues: Security issues fixed: - CVE-2019-9849: Disabled fetching remote bullet graphics in 'stealth mode' bsc1141861. - CVE-2019-9848: Fixed an arbitrary script execution via LibreLogo bsc1141862. - CVE-2019-9851: Fixed LibreLogo global-event scrip...
Security Bulletin: IBM Cloud Automation Manager is affected by an insecure Content-Security-Policy header vulnerability CVE-2019-4133
Summary IBM Cloud Automation Manager could allow a malicious user on the client side with access to client computer to run a custom script. Vulnerability Details CVEID: CVE-2019-4133 DESCRIPTION: IBM Cloud Automation Manager could allow a malicious user on the client side with access to client...
Fedora 29 : 1:libreoffice (2019-2fe22a3a2c)
CVE-2019-9850 Insufficient url validation allowing LibreLogo script execution - CVE-2019-9851 LibreLogo global-event script execution - CVE-2019-9852 Insufficient URL encoding flaw in allowed script location check ---- - CVE-2019-9848 LibreLogo arbitrary script execution - CVE-2019-9849 remote...
CVE-2019-9850
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary Python commands contained within the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on...
Roblox: Malformed string sent through FireServer leads to server freezing/hanging
This was found an hour ago so if I get any information wrong, please comment and I'll get back to you! A cheater/exploiter can hang any Roblox gameserver due to a 5-line script which sends a big malformed string through SayMessageRequest, resulting in the server hanging itself. This works in any...
Cisco Unified Contact Center Express Input Validation Error Vulnerability
Cisco Unified Contact Center Express (Unified CCX) is a customer relationship management component of a unified communications solution from Cisco. The component supports features such as self-service voice, call distribution, and customer access control. An input validation error vulnerability...
Fedora 30 : 1:libreoffice (2019-dd9d207c17)
CVE-2019-9850 Insufficient url validation allowing LibreLogo script execution - CVE-2019-9851 LibreLogo global-event script execution - CVE-2019-9852 Insufficient URL encoding flaw in allowed script location check - latest stable version Note that Tenable Network Security has extracted the...
CVE-2019-9851 LibreLogo global-event script execution
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary Python commands contained within the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handlers...
CVE-2019-9850 Insufficient url validation allowing LibreLogo script execution
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary Python commands contained within the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on...
PT-2019-13887 · WordPress · Wp-Live-Chat-Support
Name of the Vulnerable Software and Affected Versions: wp-live-chat-support plugin versions prior to 8.0.27 Description: The issue is related to a security problem where an attacker can exploit the GDPR page to execute malicious scripts, potentially leading to unauthorized access or data theft...
PT-2019-7675 · WordPress · Wp-Live-Chat-Support
Name of the Vulnerable Software and Affected Versions: wp-live-chat-support plugin versions prior to 6.2.02 Description: The issue is related to a security problem where an attacker can execute malicious scripts. Recommendations: For versions prior to 6.2.02, update to version 6.2.02 or later to...
CVE-2019-14769
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. This iss...
WebStudio Ultimate Loan Manager Cross-Site Scripting Vulnerability
Ultimate Loan Manager is an online management system that allows businesses to easily manage their borrowers, loans, repayments and collections while remaining affordable. WebStudio Ultimate Loan Manager suffers from a cross-site scripting vulnerability that can be exploited by an attacker to...
LibreOffice < 6.2.5 Multiple Vulnerabilities (macOS)
The version of LibreOffice installed on the remote macOS host is prior to 6.2.5. It is, therefore, affected by multiple vulnerabilities: - An arbitrary script execution vulnerability exists due to a flaw allowing event-based execution of Python scripts within a document. Note, LibreLogo must be...
cPanel Cross-Site Scripting Vulnerability (CNVD-2019-26358)
cPanel is a set of Web-based automated colocation platforms from the American company cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in the WHM listips interface in versions prior to cPanel 68.0.27. The...
LibreOffice < 6.2.5 Multiple Vulnerabilities (Windows)
The version of LibreOffice installed on the remote Windows host is prior to 6.2.5. It is, therefore, affected by multiple vulnerabilities: - An arbitrary script execution vulnerability exists due to a flaw allowing event-based execution of Python scripts within a document. Note, LibreLogo must b...
Central Dogma vulnerable to cross-site scripting
Overview: Central Dogma provided by LINE Corporation contains a cross-site scripting vulnerability (CWE-79). LINE Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and LINE Corporation coordinated under the Information Security Early Warning...
Design/Logic Flaw
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrar...