2204 matches found

BDU FSTEC
added 2019/04/19 12:0 a.m. | 4 views

The vulnerability of the syntactic analyzer of the Microsoft XML Core Services for Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the syntactic analyzer of the Microsoft XML Core Services for Windows operating systems is related to errors in restricting XML references to external objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS: 9.3 | AI score: 8 | EPSS: 0.21322
Exploits: 0 | References: 2

Kitploit
added 2019/04/15 1:7 p.m. | 179 views

W12Scan - A Simple Asset Discovery Engine For Cybersecurity

Chinese W12scan is a network asset discovery engine that can automatically aggregate related assets for analysis and use. Here is a web source program, but the scanning end is at w12scan-client Thinking Based on python3 + django + elasticsearch + redis and use the web restful api to add scan...

AI score: 7.3
Exploits: 0 | References: 5

Tenable Nessus
added 2019/03/27 12:0 a.m. | 26 views

openSUSE Security Update : cgit (openSUSE-2019-595)

This update for cgit fixes the following issues : The following security vulnerability was addressed : - CVE-2018-14912: Fixed a directory traversal vulnerability, when enable-http-clone=1 is not turned off boo1103799 The following other changes were made : - Update to upstream release 1.2.1 -...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.93188
Exploits: 7 | References: 2

BDU FSTEC
added 2019/03/12 12:0 a.m. | 7 views

The vulnerability of the fly-admin-ntp package for managing NTP time services on the Astra Linux operating system allows a perpetrator to cause a service failure.

The vulnerability of the fly-admin-ntp package for managing NTP time services on the Astra Linux operating system is related to incorrect syntax analysis and processing of the configuration file. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS: 6.5 | AI score: 5.5
Exploits: 0 | References: 1

OSV
added 2019/02/28 4:29 a.m. | 2 views

DEBIAN-CVE-2019-9209

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values...

CVSS: 5.5 | AI score: 7 | EPSS: 0.01398
Exploits: 1 | References: 1

OSV
added 2019/02/25 5:32 p.m. | 5 views

OPENSUSE-SU-2019:0244-1 Security update for python-Jinja2

This update for python-Jinja2 fixes the following issues: - Update to 2.8 - Added target parameter to urlize function. - Added support for followsymlinks to the file system loader. - The truncate filter now counts the length. - Added equalto filter that helps with select filters. - Changed cache...

CVSS: 4.4 | AI score: 5.5 | EPSS: 0.0043
Exploits: 1 | References: 3

OSV
added 2019/02/25 12:0 a.m. | 0 views

UBUNTU-CVE-2019-9162

In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and...

CVSS: 7.8 | AI score: 6.7 | EPSS: 0.01092
Exploits: 2 | References: 5

RedHat Linux
added 2019/02/20 2:11 p.m. | 10 views

jenkins-plugin-workflow-cps: Sandbox Bypass in Pipeline: Groovy Plugin

A flaw was found in Jenkins Pipeline. In the Declarative plugin, the script sandbox protection could be circumvented during the script compilation phase by applying AST. Both the pipeline validation REST APIs and the actual script/pipeline execution are affected. This allows users with Overall/Re...

CVSS: 8.8 | AI score: 7 | EPSS: 0.86224
Exploits: 9 | References: 5

Prion
added 2019/02/19 3:15 p.m. | 6 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. This CVE id is an example number in https://cve.mitre.org/cve/identifiers/syntaxchange.html. Notes: none...

AI score: 7.1
Exploits: 0

CVE
added 2019/02/19 3:0 p.m. | 24 views

CVE-2014-1000000

CVE-2014-1000000 is rejected and not used; this entry does not represent an active vulnerability.

AI score: 6.8
Exploits: 0

Tenable Nessus
added 2019/02/19 12:0 a.m. | 49 views

Fedora 29 : python-markdown2 (2019-095c760511)

python-markdown2 2.3.7 - pull 306 Drop support for legacy Python versions - pull 307 Fix syntax highlighting test cases that depend on Pygments output - pull 308 Add support for Python 3.7 - pull 304 Add Wheel package support - pull 312 Fix tocdepth initialization regression - pull 315 XSS fix No...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00828
Exploits: 0 | References: 2

Tenable Nessus
added 2019/02/19 12:0 a.m. | 82 views

Fedora 28 : python-markdown2 (2019-a16e1127d3)

python-markdown2 2.3.7 - pull 306 Drop support for legacy Python versions - pull 307 Fix syntax highlighting test cases that depend on Pygments output - pull 308 Add support for Python 3.7 - pull 304 Add Wheel package support - pull 312 Fix tocdepth initialization regression - pull 315 XSS fix No...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00828
Exploits: 0 | References: 2

Github Security Blog
added 2019/02/18 11:54 p.m. | 31 views

SQL Injection in sequelize

Affected versions of sequelize use MySQL's backslash-based escape syntax when connecting to SQLite, despite the fact that SQLite uses PostgreSQL's escape syntax, which can result in a SQL Injection vulnerability. Recommendation Update to version 1.7.0-alpha3 or later...

CVSS: 9.8 | AI score: 3.1 | EPSS: 0.01913
Exploits: 0 | References: 4 | Affected Software: 1

exploitpack
added 2019/02/15 12:0 a.m. | 31 views

qdPM 9.1 - search_by_extrafields[] SQL Injection

qdPM 9.1 - search_by_extrafields SQL Injection. Exploit Title: qdPM 9.1 - 'search_by_extrafields' SQL Injection Date: 14-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://qdpm.net Software Link:...

AI score: 0.2
Exploits: 0

0day.today
added 2019/01/23 12:0 a.m. | 32 views

Joomla vWishlist 1.0.1 Component - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla! Component vWishlist 1.0.1 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link:...

AI score: 0.1
Exploits: 0

Exploit DB
added 2019/01/23 12:0 a.m. | 246 views

Joomla! Component vWishlist 1.0.1 - SQL Injection

Exploit Title: Joomla! Component vWishlist 1.0.1 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link: https://extensions.joomla.org/extensions/extension/extension-specific/virtuemart-extensions/vwishlist/ Version: 1.0.1...

AI score: 7.4
Exploits: 0

CNVD
added 2019/01/03 12:0 a.m. | 1 views

WordPress Plugin WP-Syntax Download Extension Database Backup Leakage Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A database backup disclosure vulnerability exists in WordPress plugin WP-Syntax Download Extension. An attacker can exploit t...

AI score: 6.4
Exploits: 0 | References: 1

OSV
added 2018/12/23 11:29 p.m. | 3 views

CVE-2018-20405

BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE: This has been disputed with the following reasoning: "The issue reported requires full developer level access to the content management system where cross site scripting is not an issue...

CVSS: 2.7 | AI score: 3.7 | EPSS: 0.00822
Exploits: 1 | References: 1

Vulnrichment
added 2018/12/23 11:0 p.m. | 13 views

CVE-2018-20405

BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE: This has been disputed with the following reasoning: "The issue reported requires full developer level access to the content management system where cross site scripting is not an issue...

AI score: 3.7 | EPSS: 0.00822
Exploits: 1 | References: 1

Cvelist
added 2018/12/23 11:0 p.m. | 16 views

CVE-2018-20405

BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE: This has been disputed with the following reasoning: "The issue reported requires full developer level access to the content management system where cross site scripting is not an issue...

AI score: 3.7 | EPSS: 0.00822
Exploits: 1 | References: 1