3094 matches found
UBUNTU-CVE-2019-16686
Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin...
CVE-2019-16686
Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin...
CVE-2019-16686
Summary of CVE-2019-16686 (Dolibarr 9.0.5): Dolibarr ERP/CRM 9.0.5 contains a stored cross-site scripting (XSS) vulnerability in the User Note feature (note.php). A user with no privileges can inject script to attack the admin. Affected component: Dolibarr 9.0.5; root cause: improper handling/stor...
PT-2019-14770 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 9.0.5. Description: The issue concerns a stored XSS in the User Note section of the note.php file. This allows a user without privileges to inject a script, potentially attacking the admin. Recommendations: For Dolibarr versio...
macOS 18.7.0 Kernel - Local Privilege Escalation
macOS-Kernel-Exploit. DISCLAIMER: You need to know the KASLR slide to use the exploit. Also SMAP needs to be disabled which means that it's not exploitable on Macs after 2015. These limitations make the exploit pretty much unusable for in-the-wild exploitation but still helpful for security...
bd.thesciencejob.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-973199. Security researcher garletmarco (helped patch 1540 vulnerabilities, received 4 Coordinated Disclosure badges), a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting bd.thesciencejob.com website and its users. Followi...
Major Groupon, TicketMaster Fraud Scheme Exposed By Insecure Database
UPDATE: After discovering a cache of 17 million emails exposed on an unsecured database, researchers with vpnMentor began to hunt for its owner — but to their surprise, they found that the database belonged not to a company, but to a sophisticated criminal network. Cybercriminals had been both...
UBUNTU-CVE-2019-12105
DISPUTED: In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inet_http_server, is not enabled by default but if the user enables it and does not set a password, Supervisor logs a warning message. T...
UBUNTU-CVE-2019-11548
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues through an authorization issue in the note endpoint...
CVE-2017-18563
The rsvp plugin before 2.3.8 for WordPress has persistent XSS via the note field on the attendee-list screen...
WordPress note-press plugin SQL injection vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. note-press is an annotation plugin for the WordPress admin panel. A SQL injection vulnerability exists in the WordPress note-pre...
php: Out-of-bounds read in ext/exif/exif.c:exif_read_data() when reading crafted JPEG data
An out-of-bounds read has been found in PHP when the function exif_iif_add_value handles the case of a MakerNote that lacks a final terminator character. A remote attacker could use this vulnerability to cause a crash...
php: exif: Buffer over-read in exif_process_IFD_in_MAKERNOTE()
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file...
php: Uninitialized read in exif_process_IFD_in_MAKERNOTE
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable...
php: Uninitialized read in exif_process_IFD_in_MAKERNOTE
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len...
CVE-2017-18548
The note-press plugin before 0.1.2 for WordPress has SQL injection...
CVE-2017-18548
The CVE-2017-18548 entry concerns the WordPress plugin note-press (before version 0.1.2). The vulnerability is a SQL injection in the plugin, as described in multiple sources (NVD entry and Red Hat/CVE references). Affected component: the plugin’s SQL handling in Note Press for WordPress. Impact...
CB TAU Threat Intelligence Notification – MegaCortex Ransomware
MegaCortex is a unique form of ransomware that was initially discovered earlier this year. It proved to be a very complex form of malware that required additional steps of operation that were only recoverable during incident responses. Since then, MegaCortex has been updated to become more generi...
CVE-2019-14361
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-14439. Reason: This candidate is a reservation duplicate of CVE-2019-14439. Notes: All CVE users should reference CVE-2019-14439 instead of this candidate. All references and descriptions in this candidate have been removed t...