Multiple vulnerabilities in WordPress Plugin "Attendance Manager"
Overview: WordPress Plugin "Attendance Manager" provided by SUKIMALAB.COM contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability (CWE-79) - CVE-2019-5970; Cross-site request forgery vulnerability (CWE-352) - CVE-2019-5971. Natsumi Matsuoka of Cryptography...
CVE-2019-6800
In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. Updates are downloaded over HTTP, including scripts which are subsequently executed with root permissions. An attacker with a privileged network position is trivially able to inject arbitrary commands...
PT-2019-18694 · Prima Systems · Flexair
Name of the Vulnerable Software and Affected Versions: Prima Systems FlexAir versions 2.3.38 and prior. Description: The issue arises from parameters sent to scripts not being properly sanitized before being returned to the user. This may allow an attacker to execute arbitrary code in a user's...
CVE-2018-13380
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under the SSL VPN web portal allows an attacker to execute unauthorized malicious script code via the error or message handling...
Multiple vulnerabilities in WordPress Plugin "Zoho SalesIQ"
Overview: WordPress Plugin "Zoho SalesIQ" provided by Zoho SalesIQ Team contains multiple vulnerabilities listed below. Cross-site Scripting (CWE-79) - CVE-2019-5962; Cross-site Request Forgery (CWE-352) - CVE-2019-5963. Kouhei Ikeda of Cryptography Laboratory, Department of Information and Communication...
Kanboard Cross-Site Scripting Vulnerability
Kanboard is a suite of open source visual task board software. The software's panels can be customized to fit the business. A cross-site scripting vulnerability exists in the app/Core/Paginator.php file in versions prior to Kanboard 1.2.8. A remote attacker can exploit this...
CVE-2018-13375
An Improper Neutralization of Script-Related HTML Tags issue in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send a DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in...
CVE-2018-7827
A Cross-Site Scripting (XSS) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera through which a remote attacker can execute arbitrary HTML and script code in a user's browser session...
Microsoft Azure DevOps Server and Team Foundation Server Cross-Site Scripting Vulnerability
Microsoft Team Foundation Server and Microsoft Azure DevOps Server are both products of Microsoft Corporation, U.S.A. Microsoft Team Foundation Server is a suite of Application Lifecycle Management (ALM) tools that provide a platform for team collaboration. Microsoft Team Foundation Server is an...
Microsoft SharePoint Server CVE-2019-0963 Cross Site Scripting Vulnerability
Description: Microsoft SharePoint Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
The vulnerability of the Dr.Web Enterprise Security Suite, an anti-virus protection tool, lies in the lack of restrictions on writing, reading, and creating files within the server folder. This allows attackers to execute arbitrary Lua scripts.
The vulnerability in the Dr.Web Enterprise Security Suite antivirus protection lies in the absence of restrictions on writing, reading, and creating files within the server's directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary Lua scripts without the need for th...
Fedora Update for pacemaker FEDORA-2019-e71f6f36ac
The remote host is missing an update for the pacemaker package. Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
CVE-2018-18286
SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the changepwd interface. A successful exploit could allow an attacker to extract sensitive information from the...
PT-2019-12314
Name of the Vulnerable Software and Affected Versions: I, Librarian version 4.10. Description: The issue is related to a security problem where an attacker can execute malicious scripts. This is achieved through the notes parameter in the "notes.php" endpoint. Recommendations: For I, Librarian versio...
PT-2019-12307
Name of the Vulnerable Software and Affected Versions: I, Librarian version 4.10. Description: The issue is related to a security problem where an attacker can execute malicious scripts. This is achieved through the export files parameter in the "export.php" API endpoint. Recommendations: For I,...
CVE-2019-10905
Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script already running on the affected page executes the contents of any element with a specific class. This occurs because spaces are permitted in code bloc...
CVE-2018-19275
The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system...
Apple iTunes Security Updates (HT209604)
Apple iTunes is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:apple:itunes"; ifdescription...
LibreOffice Macro Code Execution
It was found that LibreOffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document which, when opened by LibreOffice, would execute a Python method from a script i...