CVE-2019-20532
An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. Attackers can access the Developer options without authentication. The Samsung ID is SVE-2019-15800 December 2019...
Keijiban Tsumiki vulnerable to OS command injection
Overview Keijiban Tsumiki provided by Mash room - Free CGI - is a CGI to provide Bulletin Board System BBS functions. Keijiban Tsumiki contains an OS command injection vulnerability CWE-78. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on Januar...
mailform vulnerable to cross-site scripting
Overview mailform provided by keitai-site.net is a PHP script providing mail form functions to a website. mailform contains a stored cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 16, 2020, it...
mailform vulnerable to PHP code execution
Overview mailform provided by keitai-site.net is a PHP script providing a mail form function to a website. mailform contains a PHP code execution vulnerability CWE-94 on the server where the product is running. During the meeting of Committee for authorizing the disclosure of unresolved...
CuteNews vulnerable to cross-site scripting
Overview Cute News provided by CutePHP.com is a system to manage news. Cute News contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 16, 2020, it was judged that an advisory for this...
JVN#88277644: Keijiban Tsumiki vulnerable to OS command injection
Keijiban Tsumiki provided by Mash room - Free CGI - is a CGI to provide Bulletin Board System BBS functions. Keijiban Tsumiki contains an OS command injection vulnerability CWE-78. Impact A remote attacker may execute an arbitrary OS command. Solution Consider stopping the use of Keijiban Tsumiki v1.15...
JVN#29095127: CuteNews vulnerable to cross-site scripting
Cute News provided by CutePHP.com is a system to manage news. Cute News contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user with a login privilege to the website that uses Cute News while accessing the website. Solution...
JVN#88033799: WL-Enq (WEB Enquete) vulnerable to cross-site scripting
WL-Enq WEB Enquete provided by WonderLink is a CGI to provide web enquete functions. WL-Enq WEB Enquete contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing a website that uses WL-Enq WEB Enquete. Solution...
JVN#77634892: mailform vulnerable to PHP code execution
mailform provided by keitai-site.net is a PHP script providing a mail form function to a website. mailform contains a PHP code execution vulnerability CWE-94 on the server where the product is running. Impact Arbitrary PHP code may be executed on the server where the product is running. Solution...
CVE-2020-8131
An arbitrary file write flaw was found in Yarn. This flaw allows an attacker to write files to a user’s system in unexpected places, potentially leading to remote code execution. The attacker would need to first trick a developer into installing a malicious package...
Security Bulletin: API Connect V2018 is impacted by an information disclosure vulnerability (CVE-2019-4437)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-4437 DESCRIPTION: IBM API Connect Developer Portal may inadvertently leak sensitive details about internal servers and network via API swagger. CVSS Base Score: 8.2 CVSS Temporal Score: See fo...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and...
KLA11682 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, spoof user interface. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Diagnostic Hub Standard...
TwitWork - Monitor Twitter Stream
Monitor the Twitter stream. TwitWork uses the Twitter stream, which lets you receive tweets in real time. There is an input that allows you to filter the flow on one or more keywords or on an @ handle, based on Twitter tracking. Demo This is a demo of exporting data on the keyword "Coronavirius"...
Security Bulletin: IBM API Connect's Developer Portal is impacted by a denial of service vulnerability in MySQL (CVE-2019-2805)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-2805 DESCRIPTION: Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Parser. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0....
Security Bulletin: API Connect's Developer Portal is impacted by vulnerabilities in PHP
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11035 DESCRIPTION: PHP could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer overflow in the exif_iif_add_value function in the EXIF extension. By persuading ...
Pixel Update Bulletin—March 2020
The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2020-03-05 or later address all issues in this bulletin and all issues in the March 2020 Android Securi...
Export Users to CSV <= 1.4.2 - CSV Injection
An attacker can register as a subscriber on a WordPress website and supply a malicious formula payload in the user account details fields. When an authenticated admin uses the Export Users to CSV plugin to export the details of all users into a CSV file and opens it, the payload ge...
SmartClient Absolute Path Information Disclosure Vulnerability
SmartClient is an enterprise Ajax framework that includes a UI library, a tool library, client-server data binding, and other features. An absolute path information disclosure vulnerability exists in SmartClient 12.0. An unauthenticated attacker can exploit this vulnerability by sending a...
SmartClient File Overwrite Vulnerability
SmartClient is an enterprise Ajax framework that includes a UI library, a tool library, client-server data binding, and other features. The console functionality of SmartClient 12.0 suffers from a file overwrite vulnerability in the remote procedure call RPC saveFile provided at the...