
1179 matches found

Prion
added 2020/07/28 2:15 p.m. · 20 views

Code injection

rConfig 3.9.5 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a crafted request to the ajaxGetFileByPath.php script containing hexadecimal encoded "dot dot" sequences %2f..%2f in the path parameter to view arbitrary files on the system...

CVSS 4 · AI score 4.5 · EPSS 0.01564
Exploits 0 · References 2 · Affected Software 1
OSV
added 2020/07/27 6:15 p.m. · 13 views

CVE-2020-15120

In "I hate money" before version 4.1.5, an authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. This can be further exploited to access all bills of another project without knowledge of this other project's...

CVSS 4.9 · AI score 5
Exploits 0 · References 2
CVE
added 2020/07/27 5:50 p.m. · 63 views

CVE-2020-15120

CVE-2020-15120 concerns I hate money prior to 4.1.5, where an authenticated member of one project could modify or delete members of another project and access all bills of that project. Root cause involves insufficient project-scoped checks, enabling cross-project membership alterations once an a...

CVSS 4.9 · AI score 4.9 · EPSS 0.01029
Exploits 0 · References 2 · Affected Software 1
CVE
added 2020/07/24 11:1 p.m. · 59 views

CVE-2020-10600

CVE-2020-10600 affects OSIsoft PI System: a NULL pointer dereference vulnerability in the PI Archive Subsystem can be triggered by an authenticated remote attacker under memory pressure, potentially blocking queries to the PI Data Archive (2018 SP2 and earlier). The vulnerability is documented wi...

CVSS 7.1 · AI score 6.2 · EPSS 0.00842
Exploits 0 · References 1 · Affected Software 1
CVE
added 2020/07/20 3:17 p.m. · 127 views

CVE-2020-12028

CVE-2020-12028 affects Rockwell Automation FactoryTalk View SE SCADA (FactoryTalk View SEA remote). The issue arises from handlers that do not enforce permissions, enabling an attacker to interact with remote endpoint data. Exploitation is described as an unauthenticated/remote chain of vulnerabi...

CVSS 8.1 · AI score 7.4 · EPSS 0.51023
Exploits 4 · References 3 · Affected Software 1
Cvelist
added 2020/07/17 9:22 p.m. · 23 views

CVE-2020-5768

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote, authenticated attacker to determine the value of database fields...

AI score 5.7 · EPSS 0.01966
Exploits 2 · References 1
Positive Technologies
added 2020/07/15 12:0 a.m. · 4 views

PT-2020-3112 · Cisco · Cisco Sd-Wan Vmanage

Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software (affected versions not specified). Description: The issue is related to a lack of proper validation of files uploaded to an affected device, allowing an authenticated, remote attacker to conduct directory traversal...

CVSS 9 · AI score 8.5 · EPSS 0.02644
Exploits 0 · References 3
CNVD
added 2020/06/04 12:0 a.m. · 1 view

Cisco Application Services Engine Access Control Error Vulnerability

Cisco Application Services Engine is a common platform from the US company Cisco for deploying Cisco data center applications. The keystore in Cisco Application Services Engine versions prior to 1.1.2.20 is vulnerable to an Access Control Error vulnerability that stems...

CVSS 5.5 · AI score 6.5 · EPSS 0.00279
Exploits 0 · References 1
OSV
added 2020/06/03 6:15 p.m. · 3 views

CVE-2020-3267

A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit...

CVSS 7.1 · AI score 6.3 · EPSS 0.00806
Exploits 0 · References 1
Check Point Advisories
added 2020/05/24 12:0 a.m. · 3 views

WordPress JobCareer Plugin Information Disclosure (CVE-2018-19487)

An Information Disclosure vulnerability exists in JobCareer plugin. A remote authenticated attacker may exploit this vulnerability to enumerate information about users...

CVSS 5 · AI score 3.4 · EPSS 0.04852
Exploits 1
Vulnrichment
added 2020/05/07 7:20 p.m. · 12 views

CVE-2020-4430

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535...

CVSS 4.3 · AI score 6.2 · EPSS 0.68544
Exploits 6 · References 2
Cvelist
added 2020/03/04 6:4 p.m. · 18 views

CVE-2019-19223

A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface Firmware EU1.03 allows an attacker to reboot the router by submitting a reboot.html GET request without being authenticated on the admin interface...

AI score 7.4 · EPSS 0.0426
Exploits 1 · References 4
Prion
added 2020/01/27 6:15 p.m. · 15 views

Design/Logic Flaw

On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI syscmd.htm is not available. This allows for full control over the device's internals. This affects A3002RU through...

CVSS 9 · AI score 8.9 · EPSS 0.25135
Exploits 3 · References 4 · Affected Software 8
CNVD
added 2020/01/23 12:0 a.m. · 2 views

Cisco SD-WAN Solution SQL Injection Vulnerability

Cisco SD-WAN Solution is a suite of network extension solutions from Cisco, of which vManage is the console. An SQL injection vulnerability exists in the web interface of Cisco SD-WAN Solution vManage. The vulnerability stems from insufficient validation of user-supplied input. A remote...

AI score 7.8
Exploits 0 · References 1
OSV
added 2019/12/26 5:15 p.m. · 1 view

DEBIAN-CVE-2019-16780

WordPress users with lower privileges like contributors can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an admin opens the post in the editor. Execution of this attack does require an authenticated user. This...

CVSS 5.4 · AI score 6.6 · EPSS 0.01718
Exploits 0 · References 1
Tenable Nessus
added 2019/12/16 12:0 a.m. · 31 views

Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Arbitrary Memory Write (cisco-sa-20180926-ir800-memwrite)

According to its self-reported version, Cisco IOS is affected by arbitrary memory write vulnerabilities in the embedded test subsystem due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An authenticated,...

CVSS 7.2 · AI score 6.8 · EPSS 0.00327
Exploits 0 · References 5
Cvelist
added 2019/12/03 9:37 p.m. · 23 views

CVE-2019-5111

Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filtercat was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters...

CVSS 7.4 · AI score 8.8 · EPSS 0.01393
Exploits 1 · References 1
OSV
added 2019/11/07 8:15 p.m. · 1 view

DEBIAN-CVE-2019-3465

Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message...

CVSS 8.8 · AI score 7.3 · EPSS 0.03024
Exploits 0 · References 1
OSV
added 2019/10/21 7:15 p.m. · 3 views

CVE-2019-16965

resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data...

CVSS 7.2 · AI score 7.3
Exploits 0 · References 2
Vulnrichment
added 2019/10/16 6:36 p.m. · 9 views

CVE-2019-15240 Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An...

CVSS 8 · AI score 7.7 · EPSS 0.00578
Exploits 0 · References 1