Design/Logic Flaw
FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors...
CVE-2019-15229
FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...
CVE-2019-15229
FUEL CMS 1.4.4 is affected by a CSRF flaw in the Admin console’s blocks/create/ Create Blocks section. The vulnerability allows an attacker to trick an administrator into executing arbitrary code by requesting a crafted HTML page. Root cause: CSRF in the blocks/create path. Impact is described as ...
FUEL CMS Cross-Site Scripting Vulnerability (CNVD-2019-41832)
FUEL CMS is a content management system (CMS) based on the CodeIgniter framework. A cross-site scripting vulnerability exists in the Create Blocks section of the Admin console in FUEL CMS version 1.4.4, which stems from a lack of proper validation of client-side data in the web application and can ...
PT-2019-6433 · Live Networks +2 · Live555 +2
Name of the Vulnerable Software and Affected Versions: Live555 versions prior to 2019.08.16 Description: The issue is related to a Use-After-Free error in the GenericMediaServer::createNewClientSessionWithId function, which can generate the same client session ID in succession. This is mishandled...
CVE-2019-1162
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view...
CVE-2019-14987
Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions...
Design/Logic Flaw
Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions...
CVE-2019-14987
Adive Framework up to version 2.0.7 is affected by a Cross-Site Scripting (XSS) vulnerability in the Create New Table and Create New Navigation Link functionalities. Root cause indicated as insufficient validation of client-side data in the web application (CNVD reference aligns). Impact per NVD ...
PT-2019-3029 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to errors in handling objects in memory by the Windows kernel. This can be exploited by an attacker to elevate their privileges and run arbitrary code in kernel mode...
CVE-2019-14946
The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations...
Debian DLA-1874-1 : postgresql-9.4 security update
CVE-2019-10208: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution Versions Affected: 9.4 - 11 Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function,...
FreeBSD : PostgreSQL -- TYPE in pg_temp execute arbitrary SQL during `SECURITY DEFINER` execution (9de4c1c1-b9ee-11e9-82aa-6cc21735f730)
The PostgreSQL project reports: Versions Affected: 9.4 - 11 Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call having inexact...
CVE-2018-20826
The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check...
[SECURITY] [DLA-1874-1] postgresql-9.4 security update
Package : postgresql-9.4 Version : 9.4.24-0+deb8u1 CVE ID : CVE-2019-10208 CVE-2019-10208: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution Versions Affected: 9.4 - 11 Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of th...
The AddResolution.jspa resource was vulnerable to CSRF - CVE-2019-11586
The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability...