Taxonomy CSV import/export - Moderately critical - Information disclosure - SA-CONTRIB-2019-084
Updated January 9th, 2020. This module enables you to import taxonomy terms from different sources, including a text area, a file upload or a file present on the web server. The module doesn't sufficiently validate user input when a local filename is supplied for import. This vulnerability is mitigat...
Magento Remote Code Execution Vulnerability (CNVD-2019-40725)
Magento is an open source PHP e-commerce system from the U.S. company Magento. A remote code execution vulnerability exists in Magento. An attacker can exploit this vulnerability to achieve remote code execution via a specially crafted custom layout update and import product functionality...
Sparrow-Wifi - Next-Gen GUI-based WiFi And Bluetooth Analyzer For Linux
Sparrow-wifi has been built from the ground up to be the next-generation 2.4 GHz and 5 GHz Wifi spectral awareness tool. At its most basic it provides a more comprehensive GUI-based replacement for tools like inSSIDer and linssid that runs specifically on Linux. In its most comprehensive use case...
CVE-2019-8227
In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML...
Magento cross-site scripting vulnerability (CNVD-2019-40836)
Magento is an open source PHP e-commerce system from the U.S. company Magento. The system provides rights management, search engines, payment gateways and other functions. A security vulnerability exists in Magento versions prior to 1.9.4.3 and 1.14.4.3. An attacker can exploit the...
CVE-2019-8119
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated admin user with import product privileges can delete files through bulk product import and inject code into XSLT file. The combination of these...
CVE-2019-8122
CVE-2019-8122 - Magento RCE. A remote code execution vulnerability exists in Magento 2.1 before 2.1.19, 2.2 before 2.2.10, and 2.3 before 2.3.3. An authenticated user with privileges to create products can craft a custom layout update and, via the import product function, trigger RCE. The root c...
CVE-2019-8122
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with privileges to create products can craft a custom layout update and use the import product functionality to achieve remote code execution...
CVE-2019-16987
In FusionPBX up to v4.5.7, the file app\contacts\contactimport.php uses an unsanitized "querystring" variable coming from the URL, which is reflected in HTML, leading to XSS...
PT-2019-14908 · Fusionpbx · Fusionpbx
Name of the Vulnerable Software and Affected Versions: FusionPBX versions prior to 4.5.8. Description: The issue concerns the use of an unsanitized query string variable in the contactimport.php file, which is reflected in HTML. This leads to a cross-site scripting (XSS) issue, allowing potential...
A vulnerability in the NSS library used by the Thunderbird email client and the Firefox and Firefox ESR browsers allows a malicious actor to gain unauthorized access to information.
The vulnerability in the NSS library used by the Thunderbird email client and the Firefox and Firefox ESR browsers is an out-of-bounds buffer read during the import of a curve25519 private key in PKCS #8 format whose leading bytes are 0x00. Exploiting this vulnerability can allow an attacker...
CVE-2019-9745
CloudCTI HIP Integrator Recognition Configuration Tool allows privilege escalation via its EXQUISE integration. This tool communicates with the Recognition Update Client Service via an insecure communication channel (a Named Pipe). The JSON data sent via this channel is used to import data from...
SugarCRM 9.0.1 Phar Deserialization
--------------------------------------------------------------- SugarCRM <= 9.0.1 Multiple Phar Deserialization Vulnerabilities --------------------------------------------------------------- - Software Link: https://www.sugarcrm.com - Affected Versions: Version 9.0.1 and prior versions, 8.0.3 and...
CVE-2019-0367
SAP NetWeaver Process Integration B2B Toolkit, before versions 1.0 and 2.0, does not perform the necessary authorization checks for an authenticated user, allowing the import of B2B table content, which leads to a Missing Authorization Check...