6052 matches found
Atlassian Jira Cross-Site Request Forgery Vulnerability (CNVD-2019-30064)
Jira is a tool developed by Australian company Atlassian for defect tracking, issue tracking and project management. A cross-site request forgery vulnerability exists in the AddResolution.jspa resource in Jira. A remote attacker could exploit the vulnerability to create new solutions...
Cross site scripting
An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known b...
CVE-2019-15316
Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation to NT AUTHORITY\SYSTEM via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition...
CVE-2019-15229
FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...
CVE-2019-15229
FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...
Design/Logic Flaw
FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors...
CVE-2019-15229
FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...
CVE-2019-15229
FUEL CMS 1.4.4 is affected by a CSRF flaw in the Admin console’s blocks/create/Create Blocks section. The vulnerability allows an attacker to trick an administrator into executing arbitrary code by requesting a crafted HTML page. Root cause: CSRF in the blocks/create path. Impact is described as ...
FUEL CMS Cross-Site Scripting Vulnerability (CNVD-2019-41832)
FUEL CMS is a content management system CMS based on the Codelgniter framework. A cross-site scripting vulnerability exists in the Create Blocks section of the Admin console in FUEL CMS version 1.4.4, which stems from a lack of proper validation of client-side data in the WEB application and can ...
PT-2019-6433 · Live Networks +2 · Live555 +2
Name of the Vulnerable Software and Affected Versions: Live555 versions prior to 2019.08.16 Description: The issue is related to a Use-After-Free error in the GenericMediaServer::createNewClientSessionWithId function, which can generate the same client session ID in succession. This is mishandled...
CVE-2019-1162
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call ALPC. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view...
CVE-2019-14987
Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions...
Design/Logic Flaw
Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions...
CVE-2019-14987
Adive Framework up to version 2.0.7 is affected by a Cross-Site Scripting (XSS) vulnerability in the Create New Table and Create New Navigation Link functionalities. Root cause indicated as insufficient validation of client-side data in the web application (CNVD reference aligns). Impact per NVD ...
CVE-2019-14987
Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions...
PT-2019-3029 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to errors in handling objects in memory by the Windows kernel. This can be exploited by an attacker to elevate their privileges and run arbitrary code in kernel mode...
CVE-2019-14946
The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations...
CVE-2019-14946
The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations...
Debian DLA-1874-1 : postgresql-9.4 security update
CVE-2019-10208: TYPE in pgtemp executes arbitrary SQL during SECURITY DEFINER execution Versions Affected: 9.4 - 11 Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function,...
FreeBSD : PostgresSQL -- TYPE in pg_temp execute arbitrary SQL during `SECURITY DEFINER` execution (9de4c1c1-b9ee-11e9-82aa-6cc21735f730)
The PostgreSQL project reports : Versions Affected: 9.4 - 11 Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call having inexact...