1045 matches found
CVE-2019-15041
JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere...
Design/Logic Flaw
JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere...
CVE-2019-15041
CVE-2019-15041 affects JetBrains YouTrack. YouTrack versions before 2019.1.52545 allow unbounded URL whitelisting due to Inclusion of Functionality from an Untrusted Control Sphere. Public sources (Red Hat, CNVD, CVE listings) confirm the issue and associate the fixed build with YouTrack 2019.1.5...
Prima Systems FlexAir
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Prima Systems Equipment: FlexAir Vulnerabilities : OS Command Injection, Unrestricted Upload of File with Dangerous Type, Cross-site Request Forgery, Small Space of Random Values, Cross-site...
KLA11586 Linux Kernel TCP SACK Denial of Service Vulnerability
Various vulnerabilities was found in Linux Kernel. Microsoft adresses the various effects of these vulnerabilities and provides links to more information: 1. If you are running a Linux kernel in your Azure environment, you should contact the provider of that Linux kernel to understand their...
IBM InfoSphere Information Analyzer, InfoSphere Information Governance Catalog and InfoSphere Information Server on Cloud Information Disclosure Vulnerabilities
IBM InfoSphere Information Analyzer, InfoSphere Information Governance Catalog, and InfoSphere Information Server on Cloud are products of IBM USA. An information disclosure vulnerability exists in IBM InfoSphere Information Analyzer, InfoSphere Information Governance Catalog, and InfoSphere...
CVE-2018-16660
A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway allows an attacker with authenticated access to execute arbitrary OS commands on a vulnerable installation...
Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected...
GHSA-JWQM-C9F2-2CQ3 Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected...
Joomla Akeeba Backup 6.3.3 Database Disclosure
Exploit Title : Joomla Akeeba Backup Components 6.3.3 Database Disclosure Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 19/01/2019 Vendor Homepage : akeebabackup.com Software Information Link : extensions.joomla.org/extension/akeeba-backup/ Software Download...
Joomla ZHYandexMap 8.0.0.2 Database Disclosure
Exploit Title : Joomla ZHYandexMap Components 8.0.0.2 Database Disclosure Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 18/01/2019 Vendor Homepage : joomla.org Software Information Link : extensions.joomla.org/extension/zh-yandexmap/ Software Download Link :...
CVE-2018-5403
Imperva SecureSphere gateway GW running v13, for both pre-First Time Login or post-First Time Login FTL, if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web access management interface...
WordPress Orbis 1.3.3 Database Disclosure
Exploit Title : WordPress Orbis Plugins 1.3.3 Pronamic Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 06/12/2018 Vendor Homepage : pronamic.eu wordpress.org/plugins/orbis/ Software Download Link :...
WordPress Search-Engine 0.5.9 Database Disclosure
Exploit Title : WordPress Search-Engine Plugins 0.5.9 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 06/12/2018 Vendor Homepage : wordpress.org/plugins/search-engine/ Software Download Link :...
WordPress newwpml 3.0 Database Disclosure
Exploit Title : WordPress newwpml Plugins 3.0 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 06/12/2018 Vendor Homepage : wordpress.org Software Download Link : N/A Tested On : Windows and Linux Category : WebApps Version Information :...
WordPress jomiz-plugins-accounting 1.0 Database Disclosure
Exploit Title : WordPress jomiz-plugins-accounting Plugins 1.0 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 02/12/2018 Vendor Homepage : wordpress.org Tested On : Windows and Linux Software Download Link : N/A Category : WebApps Explo...
WordPress HitAppoint 5.0.5 Database Disclosure
Exploit Title : WordPress HitAppoint Plugins 5.0.5 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 02/12/2018 Vendor Homepage : wordpress.org hitappoint.com/wordpress-appointment-plugin/ Software Download Link : N/A Tested On : Windows a...
WordPress Events Calendar Premium 1.0 Database Disclosure
Exploit Title : WordPress events-calendar-premium Plugins 1.0 Database Backup Information Disclosure Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 30/11/2018 Vendor Homepage : wordpress.org Tested On : Windows and Linux Category : WebApps Version...
WordPress WP Complete Backup 3.0.5 Database Backup Disclosure
Exploit Title : WordPress wp-complete-backup Plugins 3.0.5 Database Backup Information Disclosure Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 30/11/2018 Vendor Homepage : wordpress.org/plugins/wp-complete-backup/ Software Download Link :...
WordPress Delme 3.0 Database Disclosure
Exploit Title : WordPress Delme Plugins 3.0 Database Backup Information Disclosure Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 28/11/2018 Vendor Homepage : wordpress.org Tested On : Windows and Linux Category : WebApps Version Information : 3.0...