CVE-2019-20487
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the WNR1000V4 web management console are vulnerable to an unauthenticated GET request exploitable directly or through CSRF, as demonstrated by the setup.cgi?todo=savehtpaccount URI...
CVE-2019-20488
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the web management interface setup.cgi are vulnerable to command injection, allowing remote attackers to execute arbitrary commands, as demonstrated by shell metacharacters in the sysDNSHost parameter...
OPENSUSE-SU-2020:0250-1 Security update for enigmail
This update for enigmail fixes the following issues: enigmail was updated to 2.1.5: Security issue: unsigned MIME parts displayed as signed (bsc1159973); Ensure that upgrading GnuPG 2.0.x to 2.2.x upgrade converts keyring format; Make Enigmail Compatible with Protected-Headers spec, draft 2; enigmail...
10Web Map Builder for Google Maps < 1.0.64 - Unauthenticated Stored XSS via Plugin Settings Change
The vulnerability in 10Web Map Builder exists in the plugin’s setup process. The plugin’s setup functions are called during admin_init which, like Flexible Checkout Fields, is accessible to unauthenticated users. If an attacker injects malicious JavaScript into certain settings values, that code...
compile-sass Remote Code Execution Vulnerability
compile-sass is a module for compiling SASS and saving it to CSS files on-the-fly using node-sass. A security vulnerability exists in compile-sass versions prior to 1.0.5, which stems from the program failing to clean up the 'setupCleanupOnExit cssPath' function in the dist/index.js file before t...
"Unable to access the Virtual machines configuration: Unable to access file"
Unable to create machines using XenDesktop Setup wizard and observe error: '0 device created, 1 failed '. Detailed error: "Unable to access the Virtual machines configuration: Unable to access file "...
WordPress WooCommerce CardGate Payment Gateway 3.1.15 Bypass
Exploit Title: WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass; Discovery Date: 2020-02-02; Public Disclosure Date: 2020-02-22; Exploit Author: GeekHack; Vendor Homepage: https://www.cardgate.com www.curopayments.com; Software Link:...
GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection
Exploit Title: GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection; Google Dork: intext:"© GUnet 2003-2007"; Date: 2019-11-03; Exploit Author: emaragkos; Vendor Homepage: https://www.openeclass.org/; Software Link: http://download.openeclass.org/files/1.7/eclass-1.7.3.tar.gz; Version:...
Samsung Galaxy 10 Buffer Overflow Vulnerability
Samsung Galaxy 10 is a smartphone from Samsung, South Korea. A buffer overflow vulnerability exists in the Call Control Setup message in the Samsung Galaxy 10. The vulnerability stems from a networked system or product performing operations on memory without properly validating data boundaries,...
CVE-2020-8860
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10 Firmware G973FXXS3ASJA, O(8.x), P(9.0), Q(10.0) devices with Exynos chipsets. User interaction is required to exploit this vulnerability in that the target must answer a phone call. The...
CVE-2020-5326
Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settin...
Authentication flaw
Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settin...
CVE-2020-5326
Dell Client platforms are affected by a BIOS Setup authentication bypass in the pre-boot iRST Manager menu. The issue allows an attacker with physical access to change BIOS Setup configuration by selecting Optimized Defaults without entering the BIOS Admin password. Root cause and affected compon...
(Pwn2Own) Samsung Galaxy S10 Call Control Setup Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy 10. User interaction is required to exploit this vulnerability in that the target must answer a phone call. The specific flaw exists within the Call Control Setup messages. The issue...
CVE-2020-8959
CVE-2020-8959 affects Western Digital WesternDigitalSSDDashboardSetup.exe prior to version 3.0.2.0 and is described as allowing DLL hijacking. The vulnerability arises from the installer’s handling of DLL loading, with impacts stated as high for confidentiality, integrity, and availability, and a...
SUSE-SU-2020:0413-1 Security update for enigmail
This update for enigmail fixes the following issues: enigmail was updated to 2.1.5: Security issue: unsigned MIME parts displayed as signed (bsc1159973); Ensure that upgrading GnuPG 2.0.x to 2.2.x upgrade converts keyring format; Make Enigmail Compatible with Protected-Headers spec, draft 2; enigmail...