1352 matches found
CVE-2019-19541
The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page...
CVE-2019-19542
The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page...
CVE-2019-19542
The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page...
CVE-2019-19541
The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page...
Cross site scripting
The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page...
Linux kernel resource management error vulnerability (CNVD-2019-41705)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A resource management error vulnerability exists in the 'v3dsubmitclioctl' function in the drivers/gpu/drm/v3d/v3dgem.c file in versions of Linux kernel prior to 5.3.1...
CVE-2019-19052
A memory leak in the gscanopen function in drivers/net/can/usb/gsusb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service memory consumption by triggering usbsubmiturb failures, aka CID-fb5be6a7b486...
UBUNTU-CVE-2019-19052
A memory leak in the gscanopen function in drivers/net/can/usb/gsusb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service memory consumption by triggering usbsubmiturb failures, aka CID-fb5be6a7b486...
CVE-2019-19044
Two memory leaks in the v3dsubmitclioctl function in drivers/gpu/drm/v3d/v3dgem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service memory consumption by triggering kcalloc or v3djobinit failures, aka CID-29cd13cfd762...
Linux kernel memory leak vulnerability (CNVD-2019-41278)
The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A memory leak vulnerability exists in the ath10kusbhiftxsg function in drivers/net/wireless/ath/ath10k/usb.c in Linux...
Linux kernel memory leak vulnerability (CNVD-2019-41264)
The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A memory leak vulnerability exists in the rtl8xxxusubmitinturb function in...
PT-2019-4091 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.3.11 Description: The issue is related to two memory leaks in the v3d submit cl ioctl function, located in drivers/gpu/drm/v3d/v3d gem.c. This can lead to a denial of service due to memory consumption when...
The vulnerability of the onSubmit() method of the Horde_Form_Type_image class (Horde/Form/Type.php) in the php-horde-form functionality allows a attacker to compromise data integrity, gain access to confidential data, and cause service interruptions.
The vulnerability of the onSubmit method in the HordeFormTypeimage class Horde/Form/Type.php of the php-horde-form functionality package is related to incorrect elimination of special characters in the POST parameter. This can lead to incorrect restrictions on the path to a restricted directory...
FlightPath < 4.8.2 / < 5.0-rc2 - Local File Inclusion
Exploit Title: FlightPath 4.8.2 & 5.0-rc2 - Local File Inclusion Date: 07-07-2019 Exploit Author: Mohammed Althibyani Vendor Homepage: http://getflightpath.com Software Link: http://getflightpath.com/project/9/releases Version: 4.8.2 & 5.0-rc2 Tested on: Kali Linux CVE : CVE-2019-13396 Parameters...
CVE-2019-13396
FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the forminclude parameter in an index.php?q=system-handle-form-submit POST request because of an includeonce in systemhandleformsubmit in modules/system/system.module...
CVE-2019-13396
FlightPath is affected by CVE-2019-13396: versions prior to 4.8.2 and 5.0-rc2 contain a Local File Inclusion vulnerability caused by include_once in system_handle_form_submit, enabling directory traversal via the form_include parameter in index.php?q=system-handle-form-submit. Impact cited includ...
Open Faculty Evaluation System SQL Injection Vulnerability (CNVD-2019-18736)
Open Faculty Evaluation System is a PHP and MySQL based teacher evaluation system. The system provides Web-based graphical reports and Excel file reports, and supports student subject ratings for teachers. A SQL injection vulnerability exists in the submitfeedback.php file in Open Faculty...
CVE-2018-18758
Open Faculty Evaluation System 7 for PHP 7 allows submitfeedback.php SQL Injection, a different vulnerability than CVE-2018-18757...
PT-2019-11725 · Jenkins · Jenkins Artifactory Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Artifactory Plugin versions 3.2.2 and earlier Description: A cross-site request forgery issue allows attackers to perform certain actions, including scheduling a release build, performing release staging for Gradle and Maven projects,...
Interspire Email Marketer 6.20 - 'surveys_submit.php' Remote Code Execution
Exploit Title: Interspire Email Marketer 6.20 - Remote Code Execution Date: May 2019 Exploit Author: Numan Türle Vendor Homepage: https://www.interspire.com Software Link: https://www.interspire.com/emailmarketer Version: 6.20 $widget foreach $widget as $widgetKey = $fields foreach $fields as...