250 matches found
ayakashi (>=1.0.0-beta3 <=1.0.0-beta5.2), cplotter-validator (>=0.0.1 <=0.0.2) +7 more potentially affected by CVE-2019-10752 via sequelize (>=5.10.0 <=5.14.0)
sequelize NPM version =5.10.0, =1.0.0-beta3, =0.0.1, =2.0.0-alpha.2, =1.0.0-beta.15, =2.0.0, =1.0.8, =1.0.9 Source cves: CVE-2019-10752 Source advisory: SNYK:JS-SEQUELIZE-459751...
CVE-2019-3637
Privilege Escalation vulnerability in McAfee FRP 5.x prior to 5.1.0.209 allows local users to gain elevated privileges via running McAfee Tray with elevated privileges...
CVE-2019-10168
The virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's...
ZOHO ManageEngine ADSelfService Plus Cross-Site Scripting Vulnerability (CNVD-2019-15893)
ZOHO ManageEngine ADSelfService Plus is a Web-based end-user password management software from ZOHO. A cross-site scripting vulnerability exists in ZOHO ManageEngine ADSelfService Plus versions 5.x through 5704, which can be exploited by an attacker to execute client-side code...
CVE-2019-11069
Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used...
CVE-2019-11069
Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used...
Design/Logic Flaw
Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used...
CVE-2019-11069
Severity: CVE-2019-11069 affects Sequelize versions prior to 5.3.0, where standard-conforming strings are not guaranteed, enabling potential SQL injection via backslash handling in PostgreSQL string literals. Affected component: Sequelize (Node.js ORM) in 5.x series before 5.3.0. Root cause: impr...
CVE-2015-1012
Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless...
Care2x 2.7 (HIS) Hospital Information System SQL Injection
Exploit Title: Care2x 2.7 HIS Hospital Information system - Multiples SQL Injection Date: 01/17/2019 Software Links/Project: https://github.com/care2x/care2x | http://www.care2x.org/ Version: Care2x 2.7 Exploit Author: Carlos Avila Category: webapps Tested on: Windows 8.1 / Ubuntu Linux Contact:...
ThinkPHP 5.x Remote Code Execution
Exploit Title: ThinkPHP 5.x v5.0.23,v5.1.31 Remote Code Execution Date: 2018-12-11 Exploit Author: VulnSpy Vendor Homepage: https://thinkphp.cn Software Link: https://github.com/top-think/framework/ Version: v5.x below v5.0.23,v5.1.31 CVE: N/A Exploit...
PHP 5.x < 5.6.39, 7.x < 7.0.33, 7.1.x < 7.1.26, 7.2.x < 7.2.14 DoS Vulnerability - Windows
PHP is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...
Rapidly Evolving Ransomware Gandcrab Version
ARCHIVED STORY Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation By Alexandre Mundo · October 10, 2018 The GandCrab ransomware, which first appeared in January, has been updated rapidly during its short life, with Version 5.0.2 appearing this month. In this post we will...
Remote Code Execution in pg
Affected versions of pg contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. There are two specific scenarios in which it is likely for an application to be vulnerable: 1. The application executes unsafe, user-supplied sql...
CVE-2018-1000505
Tooltipy tooltips for WP version 5 contains a Cross ite Request Forgery CSRF vulnerability in Settings page that can result in could allow anybody to duplicate posts. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1...
PYSEC-2018-79
aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data Data Amplification vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be exploitable via Sendi...
CVE-2018-1000512
Tooltipy Tooltipy tooltips for WP version 5 contains a Cross Site Scripting XSS vulnerability in Glossary shortcode that can result in could allow anybody to do almost anything an admin can. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been...
CVE-2018-1000505
Tooltipy tooltips for WP version 5 contains a Cross ite Request Forgery CSRF vulnerability in Settings page that can result in could allow anybody to duplicate posts. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1...
Potential Security Vulnerabilities With JavaTM SDKs
Abstract Security Bulletin: Asset and Service Mgmt Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits. See Vulnerability Details for CVE IDs. Content Content VULNERABILITY DETAILS: CVE ID: CVE-2011-3563, CVE-2011-5035...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Data Studio Web Console. (CVE-2014-6593, CVE-2015-0410)
Summary There are multiple vulnerabilities in IBMョ Runtime Environments JavaTechnology Edition, Version 5, 6 and 7 that is used by IBM Data Studio Web Console DSWC. These issues were disclosed as part of the IBM Java SDK updates in January 2015. Vulnerability Details CVE-ID: CVE-2014-6593...