10502 matches found
CVE-2019-1010257
An Information Disclosure / Data Modification issue exists in article2pdfgetfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path leading to any PDF whose path is known and which is readable to the web server can ...
CVE-2019-1010257
An Information Disclosure / Data Modification issue exists in article2pdfgetfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path leading to any PDF whose path is known and which is readable to the web server can ...
Design/Logic Flaw
An Information Disclosure / Data Modification issue exists in article2pdfgetfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path leading to any PDF whose path is known and which is readable to the web server can ...
CVE-2019-1010257
An Information Disclosure / Data Modification issue exists in article2pdfgetfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path leading to any PDF whose path is known and which is readable to the web server can ...
CVE-2019-1010257
The CVE-2019-1010257 entry concerns the WordPress article2pdf plugin (versions 0.24–0.27) and a path traversal/override flaw in article2pdf_getfile.php. A crafted URL can override the target PDF file path, enabling download of any PDF that is readable by the web server, with the file potentially ...
PT-2019-11530 · WordPress · Article2Pdf
Name of the Vulnerable Software and Affected Versions: article2pdf Wordpress plugin versions 0.24 through 0.27 Description: An Information Disclosure / Data Modification issue exists in the article2pdf getfile.php file. A URL can be constructed to override the PDF file's path, allowing the downlo...
Cross site scripting
The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site contains a vulnerability that theoretically allows a user to escalate their privileges on the affected system, in a way that may allow for data...
CVE-2019-8988
The CVE-2019-8988 issue affects TIBCO Data Science for AWS and TIBCO Spotfire Data Science up to version 6.4.0. The connected sources describe a persistent cross-site vulnerability in the application server component that could allow a user to escalate privileges, enabling data modifications and ...
PT-2019-19291 · Tibco Software · Tibco Spotfire Data Science +1
Name of the Vulnerable Software and Affected Versions: TIBCO Data Science for AWS versions up to and including 6.4.0 TIBCO Spotfire Data Science versions up to and including 6.4.0 Description: The application server component of TIBCO Software Inc.'s products contains a persistent cross-site...
CVE-2019-6538 Medtronic Conexus Radio Frequency Telemetry Protocol Improper Access Control
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro IC...
Androwarn - Yet Another Static Code Analyzer For Malicious Android Applications
Androwarn is a tool whose main aim is to detect and warn the user about potential malicious behaviours developped by an Android application. The detection is performed with the static analysis of the application's Dalvik bytecode, represented as Smali, with the androguard library. This analysis...
Intel Converged Security and Management Engine and Intel TXE Unauthorized Data Modification Vulnerability
Intel Converged Security and Management Engine CSME and Intel TXE are both products of Intel Corporation, U.S.A. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trust execution engine with hardware authentication capabilities for use in CPUs central...
Intel Converged Security and Management Engine and Intel TXE Content Protection Subsystem Unauthorized Data Modification Vulnerability
Intel Converged Security and Management Engine CSME and Intel TXE are both products of Intel Corporation.Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trust enforcement engine with hardware authentication capabilities used in the CPU Central...
Code injection
Unhandled exception in Content Protection subsystem in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow privileged user to potentially modify data via local access...
CVE-2018-12188
Insufficient input validation in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before version 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially modify data via physical access...
CVE-2018-12189
Unhandled exception in Content Protection subsystem in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow privileged user to potentially modify data via local access...
Input validation
Insufficient input validation in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before version 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially modify data via physical access...
CVE-2018-12188
Insufficient input validation in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before version 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially modify data via physical access...
CVE-2018-12189
Unhandled exception in Content Protection subsystem in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow privileged user to potentially modify data via local access...
CVE-2018-12188
Insufficient input validation in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before version 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially modify data via physical access...