Design/Logic Flaw
Hex package manager hexcore version 0.3.0 and earlier contains a signing oracle vulnerability in package registry verification that can result in package modifications not being detected, allowing code execution. This attack appears to be exploitable when the victim fetches packages from a malicious/compromis...
CVE-2019-1000021
slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect access control vulnerability in the XEP-0223 plugin (Persistent Storage of Private Data via PubSub), in the options profile used for the configuration of the default access model, that can result in all of the contacts of...
CVE-2019-1000018
Removed by vendor...
CVE-2018-1000998
FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact (CVSweb is anonymous and read-only); it might impact other sites on the same domain. This attack appears to be exploitable if the victim loads a specially crafted URL. This...
CVE-2019-1000024
OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cross Site Scripting (XSS) vulnerability in the /js/libs/jstree/demo/filebrowser/index.php page. The "id" and "operation" GET parameters can be used to inject arbitrary JavaScript, which is returned in the page's response, that can result...
Mozilla Firefox < 65.0
The version of Firefox installed on the remote Windows host is prior to 65.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-01 advisory. - Mozilla developers and community members Arthur Iakab, Christoph Diehl, Christian Holler, Kalel, Emilio Cobos Álvarez,...
CVE-2018-18500
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird 60.5, Firefox ESR 60.5, and...
CVE-2018-18504
A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results in a potentially exploitable crash and the possibility of reading from the memory of the freed buffers. This vulnerability affects Firefox 65...
Yokogawa License Manager Service
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Yokogawa Equipment: License Manager Service Vulnerability: Unrestricted Upload of Files with Dangerous Type 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to remotely upload files,...
WordPress Yeloni Free Exit Popup 8.1.9 SQL Injection
Exploit Title: WordPress Yeloni Free Exit Popup Plugin 8.1.9 SQL Injection Author/Discovered By: KingSkrupellos Team: Cyberizm Digital Security Army Date: 28/01/2019 Vendor Homepage: yeloni.com Software Download Link: downloads.wordpress.org/plugin/yeloni-free-exit-popup.zip Software...
Johnson Controls Facility Explorer
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Johnson Controls Equipment: Facility Explorer Vulnerabilities: Path Traversal, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to read, write, and delete...
Nuuo Central Management Server Authenticated Arbitrary File Upload
The COMMITCONFIG verb is used by a CMS client to upload and modify the configuration of the CMS Server. The vulnerability is in the "FileName" parameter, which accepts directory traversal ..\..\ characters. Therefore, this function can be abused to overwrite any files in the installation drive of...
Siemens SICAM A8000 Series Denial Of Service Exploit
Exploit for the Windows platform in the web applications category. Product: SICAM A8000 Series Vendor: Siemens CSNC ID: CSNC-2019-002 CVE ID: CVE-2018-13798 Subject: SICAM Webinterface XXE DoS Risk: Medium CVSS 3.0 Base Score: 5.3 CVSS 3.0: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C Effect...
Siemens SICAM A8000 Series Denial Of Service
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: SICAM A8000 Series Vendor: Siemens CSNC ID: CSNC-2019-002 CVE ID: CVE-2018-13798 Subject: SICAM Webinterface XXE DoS Risk: Medium CVSS 3.0 Base Score: 5.3 CVSS 3.0:...
CVE-2019-2552
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
CVE-2019-2524
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
CVE-2019-2530
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...
CVE-2019-2507
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocol...
CVE-2019-2510
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2019-2494
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...