CVE-2018-18276

XSS exists in the ProFiles 1.5 component for Joomla! via the name or path parameter when creating a new folder in the administrative panel...

DEBIAN-CVE-2019-9797

Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox 66...

CVE-2018-3314

Vulnerability in the MICROS Relate CRM Software component of Oracle Retail Applications subcomponent: Customer. The supported version that is affected is 11.4. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Relate CRM Software...

Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()

A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating a device via kvmioctlcreatedevice, the device holds a reference to a VM object, later this reference is transferred to the caller's file descriptor table. If suc...

CVE-2019-2033

In createhdr of dnssdclientstub.c, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-121327565...

Oracle Database Server Multiple Vulnerabilities (Apr 2019 CPU)

The remote Oracle Database Server is missing the April 2019 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities : - An authenticated local Portable Clusterware takeover vulnerability exists in the Oracle RDBMS. An authenticated, local attacker with the Grid...

GitLab: Access Projects And create projects in gitlab pre production server

Steps to reproduce Go to https://pre.gitlab.com Here any one can register and can view the pre production projects of gitlab developers. I have registered in https://pre.gitlab.com/users/signin and have created one test group and test project go to https://pre.gitlab.com/explore/groups i have...

DirectAdmin 1.561 - Multiple Vulnerabilities

Exploit for php platform in category web applications Title: DirectAdmin Multiple Vulnerabilities to Takeover the Server = v1.561 Author: InfinitumIT Vendor Homepage: https://www.directadmin.com/ Version: Up to v1.561. CVE: CVE-2019-11193 email protected && infinitumit.com.tr Description: Multipl...

CVE-2019-7174

Roxy Fileman 1.4.5 allows attackers to execute renamefile.php aka Rename File, createdir.php aka Create Directory, fileslist.php aka Echo File List, and movefile.php aka Move File operations...

Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver luafv.sys. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change...

PT-2019-12079 · Salicru · Slc-20-Cube3

Name of the Vulnerable Software and Affected Versions: Salicru SLC-20-cube35 devices running firmware version cs121-SNMP v4.54.82.130611 Description: A reflected HTML injection issue allows remote attackers to inject arbitrary HTML elements via specific API endpoints, including /DataLog.csv?log=,...

Fedora Update for gnome-boxes FEDORA-2019-b2d986c3e9

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2018-11830

Improper input validation in QCPE create function may lead to integer overflow in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 410/12, SD 820A...

[SECURITY] Fedora 29 Update: ntfs-3g-2017.3.23-11.fc29

NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS driver for Linux and many other operating systems. It provides safe handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008 and Windows 7 NTFS file systems. NTFS-3G can create, remove,...

[SECURITY] Fedora 29 Update: podofo-0.9.6-6.fc29

PoDoFo is a library to work with the PDF file format. The name comes from the first letter of PDF Portable Document Format. A few tools to work with PDF files are already included in the PoDoFo package. The PoDoFo library is a free, portable C++ library which includes classes to parse PDF files a...

CVE-2019-10105

CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager...

CVE-2019-10105

CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager...

Apache CouchDB 2.3.1 - Cross-Site Request Forgery / Cross-Site Scripting

Exploit Title: Apache CouchDB 2.3.1 | Cross-Site Request Forgery / Cross-Site Scripting Date: 22.03.2019 Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link: http://couchdb.apache.org/download Version: 2.3.1 Introduction A CouchDB server hosts named databases, whic...

Apache CouchDB 2.3.1 Cross Site Request Forgery / Cross Site Scripting

Exploit Title: Apache CouchDB 2.3.1 | Cross-Site Request Forgery / Cross-Site Scripting Date: 22.03.2019 Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link: http://couchdb.apache.org/download Version: 2.3.1 Introduction A CouchDB server hosts named databases, whic...

CVE-2019-7223

InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save invoicepassword parameter, aka the "PDF password" field to the "Create Invoice" option. The XSS payload is rendered at an index.php/invoices/view/ URI. NOTE: this is different from CVE-2018-12255...