UBUNTU-CVE-2019-9797
Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox 66...
CVE-2019-7223
CVE-2019-7223 is a stored XSS in InvoicePlane 1.5 affecting the PDF password field (index.php/invoices/ajax/save) with the payload rendered on index.php/invoices/view/##. This is documented across multiple feeds (NVD, OSV, CNVD) as a cross-site scripting vulnerability; exploit details, affected v...
Telegram Gained 3 Million New Users During WhatsApp, Facebook Outage
WhatsApp, Facebook, and Instagram faced a widespread outage yesterday with users from around the world reporting issues with sending messages on WhatsApp and Messenger, posting feeds on Facebook and accessing other features on the three Facebook-owned platforms. While the outage was quite troubli...
October 18, 2018—KB4462932 (OS Build 16299.755)
October 18, 2018—KB4462932 OS Build 16299.755 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses the redenomination of local currency that the Central Bank of Venezuela implemented ...
OrientDB 3.0.17 GA Community Edition - Cross-Site Request Forgery / Cross-Site Scripting
Exploit for multiple platform in category web applications Exploit Title: OrientDB 3.0.17 GA Community Edition March 7th, 2019 | Multiple Vulnerabilities Date: 07.03.2019 Exploit Author: Ozer Goker Vendor Homepage: https://orientdb.org Software Link: https://orientdb.org/download Version: 3.0.17 ...
DirectAdmin 1.55 - CMD_ACCOUNT_ADMIN Cross-Site Request Forgery
DirectAdmin 1.55 - CMD_ACCOUNT_ADMIN Cross-Site Request Forgery Exploit title: DirectAdmin v1.55 - CSRF via CMD_ACCOUNT_ADMIN Admin Panel Date: 03/03/2019 Exploit Author: ManhNho Vendor Homepage: https://www.directadmin.com/ Software Link: https://www.directadmin.com/ Demo Link:...
DirectAdmin 1.55 - 'CMD_ACCOUNT_ADMIN' Cross-Site Request Forgery
Exploit title: DirectAdmin v1.55 - CSRF via CMD_ACCOUNT_ADMIN Admin Panel Date: 03/03/2019 Exploit Author: ManhNho Vendor Homepage: https://www.directadmin.com/ Software Link: https://www.directadmin.com/ Demo Link: https://www.directadmin.com:2222/CMD_ACCOUNT_ADMIN Version: 1.55 CVE: CVE-2019-9625...
Unauthorized Access Vulnerability in Odoo
Odoo, formerly known as OpenERP, is an enterprise resource planning (ERP) and customer relationship management (CRM) system. The system is developed in Python with PostgreSQL as the database and includes modules for sales management, inventory management and financial management. Odoo suffers...
CVE-2018-18497
Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: locations. This...
NVIDIA Windows GPU Display Driver Input Validation Error Vulnerability
The NVIDIA Windows GPU Display Driver is a display driver for Windows systems. An array index reference vulnerability exists in the kernel mode layer nvlddmkm.sys create context command DDI DxgkDdiCreateContext in the NVIDIA Windows GPU display driver. The vulnerability stems from the product usi...
Information disclosure
Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories...
CVE-2019-9201
Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories...
PT-2019-6215
Name of the Vulnerable Software and Affected Versions ILC 1x0 versions affected versions not specified ILC 1x1 versions affected versions not specified ILC 1x1 GSM/GPRS versions affected versions not specified ILC 3xx versions affected versions not specified AXC 1050 versions affected versions no...
Apache CouchDB 2.3.0 - Cross-Site Scripting
Exploit Title: Apache CouchDB 2.3.0 | Cross-Site Scripting Date: 17.02.2019 Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link: http://couchdb.apache.org/download Version: 2.3.0 Introduction A CouchDB server hosts named databases, which store documents. Each...
DEBIAN-CVE-2019-6974
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free...
PT-2019-5609 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions up to 3.10 Description: A denial of service situation can be created by an attacker with local access via a NULL pointer dereference in the ovl_posix_acl_create function in fs/overlayfs/dir.c. This allows attackers who c...
UBUNTU-CVE-2019-6974
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free...
CVE-2019-7550
In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whether a user exists by using the "create user" function. If a register/check/username?username= request corresponds to a username that exists, then an "is already in use" error is produced. NOTE: this product is discontinued...