716 matches found
SUSE-SU-2019:14097-1 Security update for libvirt
This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd...
CVE-2019-12507
An XSS vulnerability exists in PHPRelativePath (aka Relative Path) through 1.0.2 via the RelativePath.Example1.php path parameter...
Cross site scripting
An XSS vulnerability exists in PHPRelativePath (aka Relative Path) through 1.0.2 via the RelativePath.Example1.php path parameter...
NetNumber Titan ENUM/DNS/NP 7.9.1 - Path Traversal / Authorization Bypass
Exploit Title: NetNumber Titan ENUM/DNS/NP - Path Traversal - Authorization Bypass Google Dork: N/A Date: 4/29/2019 Exploit Author: MobileNetworkSecurity Vendor Homepage: https://www.netnumber.com/products/data Software Link: N/A Version: Titan Master 7.9.1 Tested on: Linux CVE : N/A Type: WEBAPP...
CVE-2018-18276
XSS exists in the ProFiles 1.5 component for Joomla! via the name or path parameter when creating a new folder in the administrative panel...
CVE-2018-16967
There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wpfilemanagerroot publicpath parameter...
CVE-2018-16966
There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wpfilemanagerroot publicpath parameter...
PT-2019-9387 · WordPress · Mndpsingh287 File Manager
Name of the Vulnerable Software and Affected Versions: mndpsingh287 File Manager plugin version 3.0 Description: The issue is related to an XSS vulnerability. It affects the mndpsingh287 File Manager plugin for WordPress, specifically via the public path parameter in the page=wp file manager root...
PT-2019-9386 · WordPress · Mndpsingh287 File Manager
Name of the Vulnerable Software and Affected Versions: mndpsingh287 File Manager plugin version 3.0 for WordPress Description: The issue is related to a CSRF vulnerability. It affects the public path parameter in the page=wp file manager root endpoint. Recommendations: For version 3.0 of the...
UltraVNC Launcher 1.2.2.4 - 'Path' Denial of Service (PoC)
Exploit Title: UltraVNC Launcher 1.2.2.4 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-14 Vendor Homepage: https://www.uvnc.com/ Software Link: https://www.uvnc.com/downloads/ultravnc/126-download-ultravnc-1224.html Tested Version: 1.2.2.4 Tested on: Windows 7 x64...
CVE-2018-13297
Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsmpath parameter...
CVE-2018-13288
Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folderpath or (2) realpath parameter...
CVE-2018-13289
Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folderpath or (2) realpath parameter...
CVE-2018-13290
Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the filepath parameter...
Information disclosure
Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the filepath parameter...
PT-2019-8962 · Synology · Synology Drive
Name of the Vulnerable Software and Affected Versions: Synology Drive versions prior to 1.1.2-10562 Description: The issue allows remote attackers to obtain sensitive system information. This is achieved via the dsm path parameter. Recommendations: For versions prior to 1.1.2-10562, update to...
CVE-2018-19934
SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter...
Path traversal
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the saveimg action in ajaxcalls.php...