401 matches found
Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense Denial of Service Vulnerabilities
Cisco Firepower Threat Defense and Cisco Adaptive Security Appliance are both products of Cisco, Inc. Cisco Firepower Threat Defense is a suite of unified software that provides next-generation firewall services. Cisco Adaptive Security Appliance is a firewall and network security platform. Cisco...
IBM Maximo Asset Management Cross-Site Request Forgery Vulnerability (CNVD-2020-52459)
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. IBM Maximo Asse...
Microsoft Dynamics 365 Cross-Site Scripting Vulnerability (CNVD-2020-52902)
Microsoft Dynamics 365 is Microsoft's next-generation intelligent business application that helps enterprises grow and digitally transform through the perfect integration of CRM and ERP. A cross-site scripting vulnerability exists in Microsoft Dynamics 365 Local Edition 8.2, 9.0. The vulnerabilit...
CVE-2020-3358
A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisco Small Business RV VPN Routers could allow an unauthenticated, remote attacker to cause the device to unexpectedly restart, causing a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation...
SonicOS SSLVPN External Service Interaction (DNS) Vulnerability
SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This vulnerability impacts SonicOS version 6.5.4.4-44n and earlier. CVE: CVE-2020-5130 Last updated: July 16, 2020, 9:26 a.m...
CloudBees Jenkins Self-Organizing Swarm Plug-in Modules Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks. Self-Organizing Swarm Plug-in Modules Plugin is a plug-in that supports the...
CVE-2020-10971
An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ensure it came from the active session...
WordPress HillReproGraphics Themes Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system (CMS). WordPress HillReproGraphics Themes suffers from a cross-site request forgery vulnerability...
Chadha Software Technologies PHPKB Standard Multi-Language Cross-Site Request Forgery Vulnerability (CNVD-2020-17147)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site request forgery vulnerability exists in Chadha Software Technologies PHPKB Standard Multi-Language. The vulnerability...
Atlassian Jira Server and Data Center Cross-Site Request Forgery Vulnerability
Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A cross-site request forgery vulnerability exists in Atlassian Jira Server and Data Center. The vulnerability stems from a WEB...
Advantech WebAccess SCADA Buffer Overflow (CVE-2019-3953)
A stack buffer overflow exists in Advantech WebAccess SCADA. The vulnerability is due to improper validation of user-supplied data in the request submitted to the target server with IOCTL 10012. Successful exploitation could lead to arbitrary code execution under context of Administrator...
Tiki Wiki CMS Groupware Cross-Site Request Forgery Vulnerability
Tiki Wiki CMS Groupware is a Wiki-based open source content management system and online office suite. A cross-site request forgery vulnerability exists in Tiki Wiki CMS Groupware version 5.2, which arises from a WEB application that does not adequately validate that a request is coming from a...
Sourcecodester Restaurant Management System Cross-Site Request Forgery Vulnerability
Sourcecodester Restaurant Management System is a restaurant management system. A cross-site request forgery vulnerability exists in the admin/staff-exec.php file in version 1.0 of the Sourcecodester Restaurant Management System, which originates from a WEB application that does not adequately...
CVE-2019-18220
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemag...
OpenWrt Cross-Site Request Forgery Vulnerability
OpenWrt LuCI is a graphical configuration interface for OpenWrt Linux distribution. A cross-site request forgery vulnerability exists in OpenWrt LuCI, which stems from a WEB application that does not adequately validate whether a request is coming from a trusted user, and can be exploited by an...
UBUNTU-CVE-2019-6474
A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea cod...
The vulnerability of the Virtual Domain component of the Cisco Prime Infrastructure monitoring and network equipment management system, as well as the Cisco Evolved Programmable Network (EPN) Manager software, allows a hacker to alter the configuration of the virtual domain and increase their privileges.
The vulnerability of the Virtual Domain component of the Cisco Prime Infrastructure monitoring and network equipment management system, as well as the Cisco Evolved Programmable Network (EPN) Manager software, is related to errors in API request validation. Exploiting this vulnerability could allow...
CVE-2019-0734
An elevation of privilege vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully decode and replace authentication request using Kerberos, allowing an attacker to be validated as an Administrator. The update addresses this vulnerability by changing how...
MetInfo Cross-Site Request Forgery Vulnerability (CNVD-2019-14687)
MetInfo is a content management system (CMS) developed by China Mito MetInfo using PHP and MySQL. A cross-site request forgery vulnerability exists in Metinfo version 5.3.18. The vulnerability stems from a WEB application that does not adequately validate whether a request is coming from a trusted...
IBM Cúram Social Program Management Cross-Site Request Forgery Vulnerability
IBM Cúram Social Program Management (SPM) is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A cross-site request forgery vulnerability exists in IBM Cúram SPM, which arises from a WEB application that does not...