Solaris SunSSH libpam buffer overflow
Added: 01/08/2021. Background: SunSSH is a fork of OpenSSH for Solaris. It provides remote login capability on Solaris platforms. Problem: A buffer overflow vulnerability in libpam could allow a remote attacker to execute arbitrary commands by sending a specially crafted authentication request to...
PT-2021-11936
Name of the Vulnerable Software and Affected Versions: Ultimate Member plugin versions prior to 2.1.12 Description: An issue allows unauthenticated privilege escalation via user meta. An attacker can supply an array parameter for sensitive metadata, such as the wp_capabilities user meta that...
PT-2020-14933 · Ghisler · Total Commander
Name of the Vulnerable Software and Affected Versions: Ghisler Total Commander version 9.51 Description: An issue was discovered due to insufficient access restrictions in the default installation directory, allowing an attacker to elevate privileges by replacing the...
PT-2020-4486 · Openjpeg +9 · Openjpeg +9
Name of the Vulnerable Software and Affected Versions: OpenJPEG versions through 2.3.1 Description: The issue is related to a use-after-free in the jp2/opj_decompress.c component of the OpenJPEG library, which can be triggered by a mix of valid and invalid files in a directory operated on by the...
PT-2020-6385 · Phplist · Phplist
Name of the Vulnerable Software and Affected Versions: phplist version 3.5.3 Description: The issue is related to a lack of protection for the web page structure, allowing a remote attacker to perform cross-site scripting attacks. This can be achieved by creating a new username in the login name...
PT-2020-2210 · Microsoft · Sharepoint Server
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified); Microsoft SharePoint Enterprise Server (affected versions not specified). Description: The issue is related to the failure to protect the web page structure, allowing for cross-site...
Think Fast: Time Between Disclosure, Patch Release and Vulnerability Exploitation — Intelligence for Vulnerability Management, Part Two
One of the critical strategic and tactical roles that cyber threat intelligence (CTI) plays is in the tracking, analysis, and prioritization of software vulnerabilities that could potentially put an organization’s data, employees and customers at risk. In this four-part blog series, FireEye Mandian...
PT-2020-12079 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS attacks. This can be exploited by injecting arbitrary web script or HTML in...
Command Injection in Zingbox Inspector
A security vulnerability exists in the Zingbox Inspector that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection. Ref: CVE-2019-15020. The vulnerability allows for an attacker in a position to intercept a software upda...
PT-2019-17135 · Ibm · Ibm Content Navigator
Name of the Vulnerable Software and Affected Versions: IBM Content Navigator version 3.0CD Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session...
PT-2019-12379 · Hrworks · Hrworks
Name of the Vulnerable Software and Affected Versions: HRworks version 1.16.1 Description: A reflected cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the URL parameter to the Login component. This can be achieved by manipulating the URL to includ...
PT-2019-9296 · Ibm · Ibm Informix Dynamic Server Enterprise Edition
Name of the Vulnerable Software and Affected Versions: IBM Informix Dynamic Server Enterprise Edition version 12.1 Description: A symbolic link vulnerability in .infxdirs could allow a local user logged in with database administrator privileges to gain root privileges. Recommendations: For IBM...
PT-2019-4726 · Wind River · Vxworks
Name of the Vulnerable Software and Affected Versions: Wind River VxWorks versions 6.9 through vx7 Description: The issue is related to a buffer overflow in the IPv4 component, specifically a stack overflow when parsing IPv4 packets' IP options. This can be exploited by a remote attacker to execu...
PT-2019-6349 · 3S Smart · Codesys Control Rte V3 +12
Name of the Vulnerable Software and Affected Versions: 3S-Smart CODESYS V3 products, versions containing the CmpUserMgr component; CODESYS Control for BeagleBone, versions containing the CmpUserMgr component; CODESYS Control for emPC-A/iMX6, versions containing the CmpUserMgr component; CODESYS Control...
PT-2019-18072 · Sass +2 · Libsass +2
Name of the Vulnerable Software and Affected Versions: LibSass version 3.5.5 Description: A heap-based buffer over-read exists in the Sass::Prelexer::alternatives function in prelexer.hpp. Recommendations: For LibSass version 3.5.5, consider updating to a newer version to mitigate the risk,...
PoC Code Surfaces to Exploit Apache Struts 2 Vulnerability
Proof-of-concept code found on the GitHub repository could allow attackers to easily take advantage of a recently identified vulnerability in the Apache Struts 2 framework. The vulnerability (CVE-2018-11776), identified earlier this week, could allow an adversary to execute remote code on targeted...
grunt-images downloads Resources over HTTP
Affected versions of grunt-images insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
PT-2018-6275 · Insteon · Insteon Hub
Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012 Description: The issue allows an attacker to send an authenticated HTTP request to trigger a buffer overflow. Specifically, the s mac key value is copied to a 25-byte buffer using strcpy. Sending a value longer than 2...
Server heap memory information leak.
Description: All versions of Samba from 3.6.0 onwards are vulnerable to a heap memory information leak, where server-allocated heap memory may be returned to the client without being cleared. There is no known vulnerability associated with this error, but uncleared heap memory may contain previous...
marktplatz-mittelstand.de XSS vulnerability
Vulnerable URL: https://www.marktplatz-mittelstand.de/query

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 17.12.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 185791
VIP website status: | No

Coordinated Disclosure Timeline:...