
562 matches found

OSV
added 2019/08/02 3:15 p.m. · 2 views

CVE-2019-5493

Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an unauthenticated attacker. A successful attack requires that multiple non-default options be enabled...

CVSS 7.5 · AI score 7.1 · EPSS 0.01425
Exploits: 0 · References: 1

CNVD
added 2019/07/17 12:0 a.m. · 1 view

LibreOffice Information Disclosure Vulnerability (CNVD-2019-26825)

LibreOffice is an open source office software suite from The Document Foundation (TDF). The product includes applications such as Writer (text documents), Calc (spreadsheets) and Impress (presentations). A security vulnerability exists in LibreOffice versions prior to 6.2.5. A remote attacker could explo...

CVSS 4.3 · AI score 6.8 · EPSS 0.03089
Exploits: 0 · References: 1

CNVD
added 2019/06/20 12:0 a.m. · 3 views

RedwoodHQ Bypass Authentication Vulnerability

RedwoodHQ is an open source automated testing framework. The product supports programming languages such as Java, Groovy, Python and C and is capable of creating readable keyword-driven test cases. A security vulnerability exists in RedwoodHQ version 2.5.5. The vulnerability stems from a lack of...

CVSS 9.8 · AI score 7.1 · EPSS 0.06223
Exploits: 1 · References: 1

RedHat Linux
added 2018/12/17 8:2 p.m. · 3 views

ghostscript: Type confusion in setpattern (700141)

In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue...

CVSS 7.8 · AI score 6.1 · EPSS 0.02873
Exploits: 1 · References: 4

OSV
added 2018/12/03 4:29 p.m. · 4 views

CVE-2018-1002000

There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the delids variable by POST request...

CVSS 7.2 · AI score 5.9 · EPSS 0.04354
Exploits: 5 · References: 3

Positive Technologies
added 2018/12/02 12:0 a.m. · 1 view

PT-2018-2954

Name of the Vulnerable Software and Affected Versions: lxml versions prior to 4.2.5. Description: The issue is related to the lxml.html.clean module in the lxml library, which fails to remove javascript: URLs that use escaping. This allows a remote attacker to conduct cross-site scripting (XSS) attack...

CVSS 9.8 · AI score 5.9 · EPSS 0.57991
Exploits: 10 · References: 100

CNVD
added 2018/11/26 12:0 a.m. · 3 views

Vanilla Remote Code Execution Vulnerability (CNVD-2019-06793)

Vanilla is an open source multi-language, fully extensible forum program. A security vulnerability exists in Vanilla versions prior to 2.5.5 and 2.6.x prior to 2.6.2. A remote attacker can exploit this vulnerability to execute code by calling the 'unserialize' function...

CVSS 7.2 · AI score 7.5 · EPSS 0.02017
Exploits: 1 · References: 1

OSV
added 2018/10/17 1:31 a.m. · 2 views

CVE-2018-3243

Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: None). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...

CVSS 8.2 · AI score 7.3 · EPSS 0.02051
Exploits: 0 · References: 3

Positive Technologies
added 2018/09/19 12:0 a.m. · 2 views

PT-2018-2283 · Cisco · Cisco Small Business Routers

Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers affected versions not specified Description: A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could...

CVSS 9 · AI score 8 · EPSS 0.95923
Exploits: 11 · References: 17

CNVD
added 2018/09/06 12:0 a.m. · 3 views

BTITeam XBTIT Cross-Site Scripting Vulnerability (CNVD-2019-28273)

XBTIT is an open source tracking software. A stored cross-site scripting vulnerability exists in newsfeed /index.php?page=viewnews in BTITeam XBTIT 2.5.4. An attacker can exploit this vulnerability to conduct a cross-site scripting attack via the headline of a news item...

CVSS 6.1 · AI score 5.9 · EPSS 0.00474
Exploits: 1 · References: 1

CNVD
added 2018/08/28 12:0 a.m. · 1 view

ASP4CMS AspCMS Elevation of Privilege Vulnerability

ASP4CMS AspCMS is a free enterprise website construction system from China's ASP4CMS open source laboratory. The system supports customized templates, plug-in extensions and other features. A security vulnerability exists in ASP4CMS AspCMS version 2.5.6; the vulnerability stems from the /member/reg.a...

CVSS 9.8 · AI score 9.5 · EPSS 0.02009
Exploits: 1 · References: 1

Broadcom
added 2018/08/23 12:0 a.m. · 8 views

BSA-2018-700

Security Advisory ID: BSA-2018-700. Component: Apache Struts 2. Revision: 1.0: Final. Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and, at the same time, its upper actions have no or wildcard namespace. Same...

CVSS 9.3 · AI score 8.8 · EPSS 0.99993
Exploits: 41

OSV
added 2018/07/18 1:29 p.m. · 4 views

CVE-2018-3017

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with...

CVSS 8.2 · AI score 7.3
Exploits: 0 · References: 3

CNVD
added 2018/04/23 12:0 a.m. · 2 views

Apple iOS, tvOS and watchOS Graphics Driver Memory Corruption Vulnerability

Apple iOS, tvOS, and watchOS are all products of Apple Inc. Apple iOS is an operating system for mobile devices; tvOS is a smart TV operating system; and watchOS is a smart watch operating system. Graphics Driver is one of the graphics drivers. A security vulnerability exists in the Graphics Driv...

CVSS 9.3 · AI score 7.4 · EPSS 0.01285
Exploits: 0 · References: 1

OSV
added 2018/04/03 6:29 a.m. · 2 views

CVE-2018-4092

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to bypass intended memory-read...

CVSS 4.7 · AI score 5.8
Exploits: 0 · References: 7

CNVD
added 2018/03/27 12:0 a.m. · 4 views

Acrolinx Server for Windows Path Traversal Vulnerability

Acrolinx Server for Windows is a Windows-based intelligent language analysis server from Acrolinx Germany. A path traversal vulnerability exists in versions of Acrolinx Server for Windows based platforms prior to 5.2.5. No details of the vulnerability are available at this time...

CVSS 7.5 · AI score 6.8 · EPSS 0.46312
Exploits: 3 · References: 1

OSV
added 2018/03/13 3:29 p.m. · 2 views

CVE-2018-1000092

CMS Made Simple version 2.2.5 contains a Cross-Site Request Forgery (CSRF) vulnerability in Admin profile page that can result in Details can be found here http://dev.cmsmadesimple.org/bug/view/11715. This attack appears to be exploitable via a specially crafted web page. This vulnerability...

CVSS 8.8 · AI score 5.7 · EPSS 0.00393
Exploits: 1 · References: 1

OSV
added 2018/03/13 12:0 a.m. · 1 view

UBUNTU-CVE-2018-1000079

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to...

CVSS 5.5 · AI score 6.9 · EPSS 0.02876
Exploits: 0 · References: 6

OSV
added 2018/01/25 4:29 a.m. · 1 view

CVE-2018-6200

vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter...

CVSS 6.1 · AI score 5.8 · EPSS 0.03402
Exploits: 1 · References: 1

CNVD
added 2018/01/05 12:0 a.m. · 2 views

IBM Tivoli Key Lifecycle Manager Information Disclosure Vulnerability (CNVD-2018-01130)

IBM Tivoli Key Lifecycle Manager enables you to locally create, distribute, back up, archive and manage the lifecycle of keys and certificates in your organization. An information disclosure vulnerability exists in IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7. The vulnerability arises becau...

CVSS 5.9 · AI score 6.2 · EPSS 0.00842
Exploits: 0 · References: 1