[ASA-201907-5] squid: arbitrary code execution
Arch Linux Security Advisory ASA-201907-5
=========================================
Severity: Critical
Date : 2019-07-17
CVE-ID : CVE-2019-12527
Package : squid
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-1004

Summary
=======
The package squid before...
Ubuntu 16.04 LTS / 18.04 LTS : Exiv2 vulnerabilities (USN-4056-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4056-1 advisory. It was discovered that Exiv2 incorrectly handled certain PSD files. An attacker could possibly use this issue to cause a denial of service...
Server-Side Request Forgery (SSRF)
hawtio-system is vulnerable to server-side request forgery (SSRF). A proxy whitelist intended to prevent access to arbitrary URLs is configured, but the vulnerability still exists because HTTP requests to local addresses can be submitted through the /proxy/ servlet page. This allows a...
CVE-2019-6638
On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, malformed HTTP requests made to an undisclosed iControl REST endpoint can lead to an infinite loop of the restjavad process...
17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device
Except for phishing and scams, downloading an HTML attachment and opening it locally in your browser was never considered a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim's computer. Barak Tawily, an...
Directory Traversal
yard is vulnerable to directory traversal. The vulnerability exists as it is possible to access arbitrary files on the yard server machine through unsanitized HTTP requests...
GHSA-XFHH-RX56-RXCR Path Traversal vulnerability that affects yard
Possible arbitrary path traversal and file access via `yard server`. Impact: A path traversal vulnerability was discovered in YARD <= 0.9.19 when using `yard server` to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host unde...
FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications
FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery
Vendor: iWT Ltd.
Product web page: http://www.iwt.com.hk
Affected version: Firmware 6.4.8 build 264 Algorithm A16
Firmware 5.7.2 build 568 Algorithm A14
Firmware 5.7.0 buil...
F5 Networks BIG-IP : iControl REST vulnerability (K67825238)
Malformed HTTP requests made to an undisclosed iControl REST endpoint can lead to an infinite loop of the restjavad process (CVE-2019-6638). Impact: All authenticated users, regardless of role, can exploit this vulnerability, which can result in a denial of service (DoS) for all iControl REST operations...
Arbitrary path traversal and file access via `yard server`
A path traversal vulnerability was discovered in YARD <= 0.9.19 when using `yard server` to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. The issue is resolved in v0.9.20 and later...
CVE-2019-7281
Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website...
Code injection
Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website...
CVE-2019-7281
CVE-2019-7281 affects Prima Systems FlexAir (versions 2.3.38 and earlier). The vulnerability is CSRF: an unauthenticated user can cause unverified HTTP requests that may let an attacker perform actions with administrative privileges when a logged-in user visits a malicious site. The ICSA advisory...
PT-2019-18511 · Prima Systems · Flexair
Name of the Vulnerable Software and Affected Versions: Prima Systems FlexAir versions 2.3.38 and prior
Description: The issue allows an unauthenticated user to send unverified HTTP requests. This may enable an attacker to perform certain actions with administrative privileges if a logged-in user...
FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery
Summary FaceSentry 5AN is a revolutionary smart identity management appliance that offers entry via biometric face identification, contactless smart card, staff ID, or QR-code. The QR-code upgrade allows you to share an eKey with guests while you're away from your Office and monitor all activity...
CVE-2019-4382
IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162...
Code injection
IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162...