1834 matches found

Hewlett-Packard
added 2019/12/16 12:0 a.m. | 42 views

HPSBHF03645 rev. 3 - NVIDIA GPU Display Driver Vulnerabilities 2019

Potential Security Impact Denial of service, escalation of privilege, unauthorized code execution, or information disclosure. Source: HP, HP Product Security Response Team PSRT Reported By: NVIDIA VULNERABILITY SUMMARY HP has been notified of potential security vulnerabilities with the GPU Displa...

CVSS 8.8 | AI score 2.3 | EPSS 0.02435
Exploits: 4

NVD
added 2019/12/12 12:15 a.m. | 11 views

CVE-2019-7004

A Cross-Site Scripting XSS vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not...

CVSS 6.4 | AI score 5.7 | EPSS 0.00586
Exploits: 5 | References: 2

Prion
added 2019/12/12 12:15 a.m. | 12 views

Cross site scripting

A Cross-Site Scripting XSS vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not...

CVSS 3.5 | AI score 5.6 | EPSS 0.00586
Exploits: 5 | References: 2 | Affected Software: 1

CVE
added 2019/12/11 11:25 p.m. | 150 views

CVE-2019-7004

Avaya IP Office Application Server 11.x WebUI is vulnerable to Cross-Site Scripting (XSS) in the login page (via POST) due to improper input sanitization. Exploitation exists (POST username) and could execute arbitrary JavaScript in a user’s browser. Affected versions include 11.x up to 11.0 FP4 ...

CVSS 6.4 | AI score 5.7 | EPSS 0.00586
Exploits: 5 | References: 2 | Affected Software: 1

Cvelist
added 2019/12/11 11:25 p.m. | 17 views

CVE-2019-7004 Avaya IP Office XSS Vulnerability

A Cross-Site Scripting XSS vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not...

CVSS 6.4 | AI score 5.5 | EPSS 0.00586
Exploits: 5 | References: 2

Prion
added 2019/12/04 5:16 p.m. | 12 views

Design/Logic Flaw

An unquoted service path vulnerability is reported to affect the service QVssService in QNAP NetBak Replicator. This vulnerability could allow an authorized but non-privileged local user to execute arbitrary code with elevated system privileges. QNAP have already fixed this issue in QNAP NetBak...

CVSS 7.2 | AI score 7.8 | EPSS 0.00041
Exploits: 0 | References: 1 | Affected Software: 1

Exploit DB
added 2019/12/03 12:0 a.m. | 291 views

Revive Adserver 4.2 - Remote Code Execution

Exploit Title: Revive Adserver 4.2 - Remote Code Execution Google Dork: "inurl:www/delivery filetype:php" Exploit Author: crlf Vendor Homepage: https://www.revive-adserver.com/ Software Link: https://www.revive-adserver.com/download/archive/ Version: 4.1.x '' : @list$x, $url, $code = $argv;...

CVSS 9.8 | AI score 9.4 | EPSS 0.89078
Exploits: 7

NVD
added 2019/11/21 4:15 p.m. | 11 views

CVE-2019-17650

An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check...

CVSS 7.8 | AI score 7.8 | EPSS 0.00119
Exploits: 0 | References: 2

Vulnrichment
added 2019/11/21 3:3 p.m. | 9 views

CVE-2019-17650

An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check...

AI score 7.5 | EPSS 0.00119
Exploits: 0 | References: 2

Cvelist
added 2019/11/21 3:3 p.m. | 11 views

CVE-2019-17650

An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check...

AI score 7.8 | EPSS 0.00119
Exploits: 0 | References: 2

Cvelist
added 2019/11/17 8:52 p.m. | 12 views

CVE-2019-19041

An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41. They do not correctly verify the integrity of an upgrade package before processing it. As a result, official upgrade packages can be modified to inject an arbitrary Bash script that will be executed by...

AI score 7.1 | EPSS 0.0043
Exploits: 1 | References: 1

Cisco
added 2019/09/25 4:0 p.m. | 97 views

Cisco IOS XE Software Arbitrary Code Execution Vulnerability

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system OS with root privileges. The vulnerability is due to insufficient file location validatio...

CVSS 6.2 | AI score 3.4 | EPSS 0.00037
Exploits: 0 | References: 1

IBM Security Bulletins
added 2019/09/19 9:48 p.m. | 31 views

Security Bulletin: IBM Security Key Lifecycle Manager uses Components with Known Vulnerabilities (CVE-2019-4322 CVE-2019-4386 CVE-2019-4154 CVE-2019-4102 CVE-2019-4101 CVE-2019-4057)

Summary IBM Security Key Lifecycle Manager uses IBM DB2 for Linux, UNIX and Windows which has some known vulnerabilities. Vulnerability Details CVEID: CVE-2019-4386 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 11.1 could allow an authenticated user to execute a...

CVSS 8.4 | AI score 1.6 | EPSS 0.00292
Exploits: 0 | Affected Software: 1

NVD
added 2019/09/06 5:15 p.m. | 17 views

CVE-2018-18630

A vulnerability was found in McKesson Cardiology product 13.x and 14.x. Insecure file permissions in the default installation may allow an attacker with local system access to execute unauthorized arbitrary code...

CVSS 7.8 | AI score 7.7 | EPSS 0.0004
Exploits: 0 | References: 2

Cvelist
added 2019/09/06 4:24 p.m. | 16 views

CVE-2018-18630

A vulnerability was found in McKesson Cardiology product 13.x and 14.x. Insecure file permissions in the default installation may allow an attacker with local system access to execute unauthorized arbitrary code...

AI score 7.6 | EPSS 0.0004
Exploits: 0 | References: 2

CVE
added 2019/09/06 4:24 p.m. | 59 views

CVE-2018-18630

CVE-2018-18630 affects Change Healthcare/Cardiology devices, notably McKesson Cardiology 13.x and 14.x. The vulnerability arises from incorrect default file permissions (CWE-276), enabling a locally authenticated attacker to insert or modify files and potentially execute arbitrary code with high ...

CVSS 7.8 | AI score 7.6 | EPSS 0.0004
Exploits: 0 | References: 2 | Affected Software: 1

UbuntuCve
added 2019/08/29 1:15 a.m. | 27 views

CVE-2019-11246

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is...

CVSS 6.5 | AI score 6.8 | EPSS 0.00783
Exploits: 0 | References: 2

Cvelist
added 2019/08/28 4:45 p.m. | 15 views

CVE-2019-5590

The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands Cross Site Scripting via attack reports generated in HTML form...

AI score 6.5 | EPSS 0.00233
Exploits: 0 | References: 2

NVD
added 2019/08/05 1:15 a.m. | 12 views

CVE-2019-14654

In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9...

CVSS 8.8 | AI score 8.9 | EPSS 0.00453
Exploits: 0 | References: 1

Cvelist
added 2019/08/02 4:22 p.m. | 19 views

CVE-2017-18447

cPanel before 64.0.21 allows demo accounts to execute code via the ClamScannergetsocket API SEC-251...

AI score 6.6 | EPSS 0.00639
Exploits: 0 | References: 1