Adobe Discloses Dozens of Critical Photoshop, Acrobat Reader Flaws
Adobe has released out-of-band updates addressing critical vulnerabilities in its Photoshop and Acrobat Reader products, which if exploited could allow arbitrary code-execution. Overall, Adobe on Wednesday patched flaws tied to 41 CVEs across its products, 29 of which were critical in severity. T...
SQL Injection Vulnerability in Jinzhi Education Talent Recruitment System
Jiangsu Jinzhi Education Information Co., Ltd. is a domestic informationization service provider for colleges and universities. Focusing on the field of university informatization, it provides universities with smart campus solutions, integration and operation and maintenance services of campus...
OpenEMR New.php Command Injection (CVE-2019-3968)
A command injection vulnerability exists in OpenEMR New.php. Successful exploitation of this vulnerability could result in arbitrary command execution on the affected system...
Cisco FXOS Software CLI Command Injection Vulnerability
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. The vulnerability is due to insufficient validation of arguments passed to a...
IBM Spectrum Protect Plus Command Injection Vulnerability (CNVD-2020-14207)
IBM Spectrum Protect Plus is a suite of data protection platforms from IBM USA. The platform provides organizations with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes. A command injection vulnerability exists in...
CVE-2020-5524
Aterm series Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function...
Redmine SQL Injection (CVE-2019-18890)
An SQL injection vulnerability exists in Redmine. Successful exploitation of this vulnerability could lead to arbitrary SQL code execution...
Directory traversal
Directory traversal vulnerability in Kaseya Virtual System Administrator VSA 7.0.0.0 before 7.0.0.33, 8.0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file...
Nextcloud Android SQL Injection Vulnerability
Nextcloud is a suite of client-server software for creating network drives. Nextcloud Android is the Nextcloud Android client. A security vulnerability exists in Nextcloud Android. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications...
CVE-2013-3591
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability...
CVE-2013-3629
ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution...
CVE-2019-9853
LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings; typically, execution of macros is blocked by default. A URL decoding flaw existed in how the URLs to the macros within the document were processed and categorized, resulting in...
CVE-2019-17095
CVE-2019-17095/17096 affect Bitdefender BOX 2 in bootstrap mode. The vulnerability stems from the bootstrap download_image path, where the device retrieves a firmware URL from nimbus.bitdefender.net via a JSON-RPC response and then shells out to curl/os.execute without validating the URL. This al...
CVE-2020-7240
Meinberg Lantime M300 and M1000 devices allow attackers with privileges to configure a device to execute arbitrary OS commands by editing the /config/netconf.cmd script aka Extended Network Configuration. Note: According to the description, the vulnerability requires a fully authenticated...
Privilege escalation
On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, users with access to edit iRules are able to create iRules which can lead to an elevation of privilege, configuration modification, and arbitrary system command execution...
CVE-2019-19745
Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server...
Unrestricted file uploads
Date: 2019-12-17. CVE ID: CVE-2019-19745. Description: A back end user with access to the form generator can upload arbitrary files and execute them on the server. Affected versions: Contao 4.0, Contao 4.1, Contao 4.2, Contao 4.3, Contao 4.4 up to 4.4.45, Contao 4.5, Contao 4.6, Contao 4.7, Contao 4.8 up t...
MGASA-2019-0390 Updated libvirt packages fix security vulnerabilities
Updated libvirt packages fix security vulnerabilities: an information leak that allowed retrieving the guest hostname in read-only mode (CVE-2019-3886); wrong permissions on the systemd admin socket due to a missing SocketMode parameter (CVE-2019-10132); arbitrary file read/exec via...
DEBIAN-CVE-2019-19604
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository...
Centreon Web SQL Injection Vulnerability
Centreon Web is a set of open source system monitoring tools from the French company Centreon. The product mainly provides monitoring functions for network, system and application resources. A SQL injection vulnerability exists in Centreon Web. The vulnerability stems from a lack of...