2019 matches found

Zero Day Initiative
added 2019/09/09 12:0 a.m. | 20 views

Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

CVSS 7.8 | AI score 4.6 | EPSS 0.12042
Exploits: 0 | References: 1

Prion
added 2019/09/04 3:15 p.m. | 9 views

Buffer overflow

An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the EZ Touch Editor Versions 2.1.0 and prior...

CVSS 6.8 | AI score 7.8 | EPSS 0.01442
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2019/08/27 12:0 a.m. | 3 views

Webmin Code Injection Vulnerability

Webmin is a set of Web-based system management tools for Unix-like operating systems. A code injection vulnerability exists in Webmin. An attacker can exploit this vulnerability to execute code with the help of specially crafted object names...

CVSS 8.8 | AI score 9.4 | EPSS 0.38038
Exploits: 4 | References: 1

CNVD
added 2019/08/22 12:0 a.m. | 2 views

WordPress bws-pinterest plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. bws-pinterest is a social plugin used in it. A cross-site scripting vulnerability exists in the WordPress bws-pinteres...

CVSS 6.1 | AI score 6.3 | EPSS 0.01621
Exploits: 1 | References: 1

Zero Day Initiative
added 2019/08/19 12:0 a.m. | 21 views

Adobe Acrobat Pro DC JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 3.3 | AI score 2.3 | EPSS 0.02241
Exploits: 0 | References: 1

NVD
added 2019/08/14 9:15 p.m. | 35 views

CVE-2019-1211

An elevation of privilege vulnerability exists in Git for Visual Studio when it improperly parses configuration files. An attacker who successfully exploited the vulnerability could execute code in the context of another local user. To exploit the vulnerability, an authenticated attacker would ne...

CVSS 7.3 | AI score 7 | EPSS 0.01654
Exploits: 0 | References: 1

NVD
added 2019/08/14 2:15 p.m. | 24 views

CVE-2019-0343

SAP Commerce Cloud Mediaconversion Extension, versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application...

CVSS 8.8 | AI score 8.7 | EPSS 0.01482
Exploits: 0 | References: 2

Tenable Nessus
added 2019/08/13 12:0 a.m. | 48 views

Amazon Linux AMI : libssh2 (ALAS-2019-1254)

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. CVE-2019-3855 An integer...

CVSS 9.3 | AI score 7.4 | EPSS 0.09219
Exploits: 0 | References: 5

Amazon
added 2019/08/12 12:0 a.m. | 92 views

Important: libssh2

Issue Overview: An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. CVE-2019-38...

CVSS 9.3 | AI score 8.2 | EPSS 0.09219
Exploits: 0

Tenable Nessus
added 2019/08/12 12:0 a.m. | 36 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : libssh2 Multiple Vulnerabilities (NS-SA-2019-0073)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libssh2 packages installed that are affected by multiple vulnerabilities: - An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote...

CVSS 9.3 | AI score 7.4 | EPSS 0.09219
Exploits: 0 | References: 5

Tenable Nessus
added 2019/08/12 12:0 a.m. | 35 views

NewStart CGSL MAIN 4.05 : libssh2 Multiple Vulnerabilities (NS-SA-2019-0169)

The remote NewStart CGSL host, running version MAIN 4.05, has libssh2 packages installed that are affected by multiple vulnerabilities: - An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker wh...

CVSS 9.3 | AI score 7.4 | EPSS 0.09219
Exploits: 0 | References: 5

OpenVAS
added 2019/08/12 12:0 a.m. | 35 views

ImageMagick <= 7.0.8-49 Multiple Vulnerabilities - Linux

ImageMagick is prone to multiple vulnerabilities...

CVSS 8.8 | AI score 7.4 | EPSS 0.03291
Exploits: 2 | References: 4

OSV
added 2019/08/05 1:15 p.m. | 3 views

CVE-2017-18469

cPanel before 62.0.17 allows demo accounts to execute code via an NVDatafetchinc API call SEC-233...

CVSS 6.3 | AI score 5.9 | EPSS 0.00947
Exploits: 0 | References: 1

OSV
added 2019/08/02 4:15 p.m. | 2 views

CVE-2017-18435

cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API SEC-238...

CVSS 7.3 | AI score 5.9 | EPSS 0.01267
Exploits: 0 | References: 2

OSV
added 2019/08/01 3:15 p.m. | 3 views

CVE-2018-20912

cPanel before 70.0.23 allows demo accounts to execute code via awstats SEC-362...

CVSS 6.3 | AI score 5.9 | EPSS 0.01014
Exploits: 0 | References: 1

OSV
added 2019/07/30 3:15 p.m. | 1 views

CVE-2019-14405

cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg SEC-487...

CVSS 8.8 | AI score 7.4 | EPSS 0.0149
Exploits: 0 | References: 1

NVD
added 2019/07/22 3:15 p.m. | 8 views

CVE-2019-1010237

Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting XSS - CWE-79 Type 2: Stored XSS or Persistent. The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap attacker / Corrections vie...

CVSS 6.1 | AI score 5.9 | EPSS 0.01662
Exploits: 0 | References: 3

OSV
added 2019/07/22 3:15 p.m. | 13 views

CVE-2019-1010237

Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting XSS - CWE-79 Type 2: Stored XSS or Persistent. The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap attacker / Corrections vie...

CVSS 6.1 | AI score 5.4
Exploits: 0 | References: 3

Prion
added 2019/07/22 3:15 p.m. | 10 views

Cross site scripting

Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting XSS - CWE-79 Type 2: Stored XSS or Persistent. The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap attacker / Corrections vie...

CVSS 4.3 | AI score 5.8 | EPSS 0.01662
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2019/07/22 2:46 p.m. | 9 views

CVE-2019-1010237

Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting XSS - CWE-79 Type 2: Stored XSS or Persistent. The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap attacker / Corrections vie...

AI score 5.9 | EPSS 0.01662
Exploits: 0 | References: 3