Lucene search

2322 matches found

OSV
added 2019/03/06 10:29 p.m., 2 views

CVE-2019-9613

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider, for example, file.jsp::$DATA to the admin/ueditor/uploadVideo URI...

7.2 CVSS, 7.3 AI score, 0.02758 EPSS
Exploits: 1, References: 1
OSV
added 2019/03/06 10:29 p.m., 1 view

CVE-2019-9616

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider, for example, file.jsp::$DATA to the admin/ueditor/uploadScrawl URI...

7.2 CVSS, 7.3 AI score, 0.02758 EPSS
Exploits: 1, References: 1
Prion
added 2019/03/06 10:29 p.m., 10 views

Code injection

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider, for example, file.jsp::$DATA to the admin/ueditor/uploadVideo URI...

6.5 CVSS, 7.4 AI score, 0.02758 EPSS
Exploits: 1, References: 1, Affected Software: 1
Prion
added 2019/03/06 10:29 p.m., 13 views

Code injection

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider, for example, file.jsp::$DATA to the admin/comn/service/editUploadImage URI...

6.5 CVSS, 9 AI score, 0.02745 EPSS
Exploits: 1, References: 1, Affected Software: 1
Prion
added 2019/03/06 10:29 p.m., 9 views

Code injection

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider, for example, file.jsp::$DATA to the admin/ueditor/uploadFile URI...

6.5 CVSS, 9 AI score, 0.028 EPSS
Exploits: 1, References: 1, Affected Software: 1
NVD
added 2019/03/06 10:29 p.m., 15 views

CVE-2019-9613

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider, for example, file.jsp::$DATA to the admin/ueditor/uploadVideo URI...

7.2 CVSS, 7.4 AI score, 0.02758 EPSS
Exploits: 1, References: 1
Cvelist
added 2019/03/06 10:0 p.m., 16 views

CVE-2019-9609

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider, for example, file.jsp::$DATA to the admin/comn/service/editUploadImage URI...

9 AI score, 0.02745 EPSS
Exploits: 1, References: 1
Cvelist
added 2019/03/06 10:0 p.m., 16 views

CVE-2019-9617

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider, for example, file.jsp::$DATA to the admin/ueditor/uploadFile URI...

9 AI score, 0.028 EPSS
Exploits: 1, References: 1
CVE
added 2019/03/06 10:0 p.m., 51 views

CVE-2019-9612

CVE-2019-9612 affects OFCMS before 1.1.3. The issue arises in the backend file upload handling: blocking of .jsp/.jspx files fails to consider file.jsp::$DATA within the admin/comn/service/upload URI, enabling remote attackers to execute arbitrary code. This is a remote code execution vulnerabili...

8.8 CVSS, 8.9 AI score, 0.02745 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2019/03/06 10:0 p.m., 18 views

CVE-2019-9613

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider, for example, file.jsp::$DATA to the admin/ueditor/uploadVideo URI...

7.4 AI score, 0.02758 EPSS
Exploits: 1, References: 1
Akamai Blog
added 2019/03/04 11:0 a.m., 64 views

Prevent Access to Unauthorized Viewers with Enhanced Proxy Detection

Background: Geo-Blocking Content. There are no hard and fast rules to the way content is licensed throughout the world, but typically content owners develop license agreements at the country level, which gives them a fair amount of flexibility when monetizing their content. These license agreements...

0.1 AI score
Exploits: 0
Hacker One
added 2019/03/03 3:0 a.m., 36 views

Semmle: the login blocking mechanism does not work correctly

Summary: The login block mechanism does not work correctly because it blocks the login for 1 minute and allows you to sign in again many times with specific pattern by allowing login 2 or 3 times after 1 minute Exploitation 1. open https://lgtm-com.pentesting.semmle.net/ 2. try to login with vali...

0.1 AI score
Exploits: 0
OSV
added 2019/03/01 3:29 p.m., 1 view

CVE-2018-20799

In pfSense 2.4.4_1, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsistent with blocking of source IP addresses on the basis of failed SSH authentication (the behavior does not match the sshguard documentation), which might make it easier for attackers to bypass...

7.5 CVSS, 5.8 AI score, 0.0159 EPSS
Exploits: 1, References: 1
Cvelist
added 2019/03/01 3:0 p.m., 17 views

CVE-2018-20799

In pfSense 2.4.4_1, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsistent with blocking of source IP addresses on the basis of failed SSH authentication (the behavior does not match the sshguard documentation), which might make it easier for attackers to bypass...

7.7 AI score, 0.0159 EPSS
Exploits: 1, References: 1
CVE
added 2019/03/01 3:0 p.m., 41 views

CVE-2018-20799

Summary: pfSense 2.4.4_1 is affected by CVE-2018-20799, where blocking decisions based on HTTPS authentication failures do not align with SSH authentication handling (per sshguard documentation). This inconsistency may enable bypassing access restrictions. The NVD CVSSv3 vector evaluates to HIGH ...

7.5 CVSS, 7.7 AI score, 0.0159 EPSS
Exploits: 1, References: 1, Affected Software: 1
OSV
added 2019/02/24 5:29 p.m., 2 views

CVE-2019-9078

zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT...

5.4 CVSS, 6.2 AI score
Exploits: 0, References: 1
Citrix
added 2019/02/14 12:0 a.m., 5 views

Web App Firewall blocks and logs duplicate cookies

12.1 build 50.31 Web App Firewall blocks all requests if duplicate cookies are found. This is also done when Cookie Consistency is configured only to log the communication. If Cookie Consistency is turned off completely, the communication is permitted...

7 AI score
Exploits: 0
Trend Micro Simply Security
added 2019/02/11 4:9 p.m., 92 views

Announcing Trend Micro Security for Microsoft Edge

Browsing the web securely with Microsoft Edge (the browser recommended by Microsoft for Windows 10 users and the default browser in Windows 10 S-mode) is a safer bet than ever before with Trend Micro Security for Microsoft Edge—a unique three-in-one browser extension that provides web threat...

6.8 AI score
Exploits: 0
ThreatPost
added 2019/01/29 5:32 p.m., 35 views

Mozilla Firefox 65 Ups the Ante on Privacy with Anti-Tracking Efforts

Mozilla has unveiled new anti-tracking policies and redesigned privacy controls in tandem with the release of Firefox 65 on Tuesday. The company announced a new set of redesigned controls for the Content Blocking section, where users can choose their desired level of privacy protection. These are...

0.3 AI score
Exploits: 0, References: 21
OSV
added 2019/01/04 7:7 p.m., 0 views

GHSA-C8HM-7HPQ-7JHG com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization...

9.8 CVSS, 7.2 AI score, 0.10599 EPSS
Exploits: 0, References: 42