[SECURITY] Fedora 29 Update: ntfs-3g-2017.3.23-11.fc29

NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS driver for Linux and many other operating systems. It provides safe handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008 and Windows 7 NTFS file systems. NTFS-3G can create, remove,...

[SECURITY] Fedora 29 Update: podofo-0.9.6-6.fc29

PoDoFo is a library to work with the PDF file format. The name comes from the first letter of PDF Portable Document Format. A few tools to work with PDF files are already included in the PoDoFo package. The PoDoFo library is a free, portable C++ library which includes classes to parse PDF files a...

CVE-2019-10105

CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager...

CVE-2019-10105

CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager...

Apache CouchDB 2.3.1 - Cross-Site Request Forgery / Cross-Site Scripting

Exploit Title: Apache CouchDB 2.3.1 | Cross-Site Request Forgery / Cross-Site Scripting Date: 22.03.2019 Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link: http://couchdb.apache.org/download Version: 2.3.1 Introduction A CouchDB server hosts named databases, whic...

Apache CouchDB 2.3.1 Cross Site Request Forgery / Cross Site Scripting

Exploit Title: Apache CouchDB 2.3.1 | Cross-Site Request Forgery / Cross-Site Scripting Date: 22.03.2019 Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link: http://couchdb.apache.org/download Version: 2.3.1 Introduction A CouchDB server hosts named databases, whic...

CVE-2019-7223

InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save invoicepassword parameter, aka the "PDF password" field to the "Create Invoice" option. The XSS payload is rendered at an index.php/invoices/view/ URI. NOTE: this is different from CVE-2018-12255...

Cross site scripting

InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save invoicepassword parameter, aka the "PDF password" field to the "Create Invoice" option. The XSS payload is rendered at an index.php/invoices/view/ URI. NOTE: this is different from CVE-2018-12255...

UBUNTU-CVE-2019-9797

Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox 66...

CVE-2019-7223

CVE-2019-7223 is a stored XSS in InvoicePlane 1.5 affecting the PDF password field (index.php/invoices/ajax/save) with the payload rendered on index.php/invoices/view/##. This is documented across multiple feeds (NVD, OSV, CNVD) as a cross-site scripting vulnerability; exploit details, affected v...

Telegram Gained 3 Million New Users During WhatsApp, Facebook Outage

WhatsApp, Facebook, and Instagram faced a widespread outage yesterday with users from around the world reporting issues with sending messages on WhatsApp and Messenger, posting feeds on Facebook and accessing other features on the three Facebook-owned platforms. While the outage was quite troubli...

October 18, 2018—KB4462932 (OS Build 16299.755)

October 18, 2018—KB4462932 OS Build 16299.755 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses the redenomination of local currency that the Central Bank of Venezuela implemented ...

OrientDB 3.0.17 GA Community Edition - Cross-Site Request Forgery / Cross-Site Scripting

Exploit for multiple platform in category web applications Exploit Title: OrientDB 3.0.17 GA Community Edition March 7th, 2019 | Multiple Vulnerabilities Date: 07.03.2019 Exploit Author: Ozer Goker Vendor Homepage: https://orientdb.org Software Link: https://orientdb.org/download Version: 3.0.17 ...

DirectAdmin 1.55 - CMD_ACCOUNT_ADMIN Cross-Site Request Forgery

DirectAdmin 1.55 - CMDACCOUNTADMIN Cross-Site Request Forgery Exploit title: DirectAdmin v1.55 - CSRF via CMDACCOUNTADMIN Admin Panel Date: 03/03/2019 Exploit Author: ManhNho Vendor Homepage: https://www.directadmin.com/ Software Link: https://www.directadmin.com/ Demo Link:...

DirectAdmin 1.55 - 'CMD_ACCOUNT_ADMIN' Cross-Site Request Forgery

Exploit title: DirectAdmin v1.55 - CSRF via CMDACCOUNTADMIN Admin Panel Date: 03/03/2019 Exploit Author: ManhNho Vendor Homepage: https://www.directadmin.com/ Software Link: https://www.directadmin.com/ Demo Link: https://www.directadmin.com:2222/CMDACCOUNTADMIN Version: 1.55 CVE: CVE-2019-9625...

Unauthorized Access Vulnerability in Odoo

Odoo formerly known as OpenERP is an enterprise resource planning ERP and customer relationship management CRM system. The system is developed in Python language with PostgreSQL as the database and includes modules for sales management, inventory management and financial management. Odoo suffers...

CVE-2018-18497

Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: locations. This...

NVIDIA Windows GPU Display Driver Input Validation Error Vulnerability

The NVIDIA Windows GPU Display Driver is a display driver for Windows systems. An array index reference vulnerability exists in the kernel mode layer nvlddmkm.sys create context command DDI DxgkDdiCreateContext in the NVIDIA Windows GPU display driver. The vulnerability stems from the product usi...

Information disclosure

Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories...

CVE-2019-9201

Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories...