CVE-2021-25688

Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user's password in the application logs...

[slackware-security] mutt

New mutt packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/mutt-1.10.1-i586-2slack14.2.txz: Rebuilt. Mutt had incorrect error handling when initially connecting to an IMAP server,...

Genexis Platinum-4410 P4410-V2-1.28 - Cross Site Request Forgery to Reboot

Exploit Title: Genexis Platinum-4410 P4410-V2-1.28 - Cross Site Request Forgery to Reboot Date: 10/28/2020 Exploit Author: Mohammed Farhan Vendor Homepage: https://genexis.co.in/product/ont/ Version: Platinum-4410 Software version - P4410-V2-1.28 Tested on: Windows 10 Author Contact:...

CVE-2020-10380

RMySQL through 0.10.19 allows SQL Injection...

CVE-2019-1495

CVE-2019-1495 is rejected/not used and does not represent an active vulnerability entry.

CVE-2020-6638

Grin through 2.1.1 has Insufficient Validation...

CVE-2019-10777

In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the argument used within the "exec" function without any sanitization. It is possible for a user to inject arbitrary commands to the "zipCmd" used within "config.FunctionName"...

CVE-2019-15932

Intesync Solismed 3.3sp has Incorrect Access Control...

CVE-2019-19271

An issue was discovered in tlsverifycrl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries installed by a system administrator, can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to...

CVE-2019-5847

Inappropriate implementation in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser

Affected versions Symfony 2.8.0 to 2.8.51, 3.4.0 to 3.4.34, 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7 versions of the Symfony HttpFoundation component are affected by this security issue. Symfony 4.3.0 to 4.3.7 versions of the Symfony Mime component are affected by this security issue. The issue has bee...

CVE-2013-2738

minidlna has SQL Injection that may allow retrieval of arbitrary files...

CVE-2019-10457

A missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

CVE-2018-11933

CVE-2018-11933 is rejected/not used and does not represent an active vulnerability entry.

CVE-2016-10893

The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has multiple XSS issues via AJAX requests...

CVE-2019-9022

An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dnsgetrecord misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects phpparser...

Wikidforum 2.20 SQL Injection

Exploit Title: Wikidforum 2.20 - 'messageid' SQL Injection Exploit Author: Ihsan Sencan Exploit Author: Ihsan Sencan Date: 2018-10-09 Vendor Homepage: https://sourceforge.net/projects/wikidforum/ Software Link: https://sourceforge.net/projects/wikidforum/files/Wikidforum-com-ed.2.20.zip/download...

CVE-2018-14609

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in delrelocroot in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rbtrees when reloc control has not been initialized...

Cross site scripting

ClipperCMS 1.3.3 has stored XSS via the "Tools - Configuration" screen of the manager/ URI...

Hardcoded credentials

A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials...