442 matches found
EVLink Parking Code Injection Vulnerability
Schneider Electric EVLink Parking is a commercial electric vehicle charging solution from Schneider Electric, France. A code injection vulnerability exists in Schneider Electric EVLink Parking 3.2.0-12v1 and prior versions. A remote attacker could exploit this vulnerability to execute code and ga...
CVE-2018-7800
A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12v1 and earlier, which could enable an attacker to gain access to the device...
CVE-2018-7802
A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12v1 and earlier, which could give access to the web interface with full privileges...
CVE-2018-19083
WeCenter 3.2.0 through 3.2.2 has XSS in the views/default/question/index.tpl.html htmlspecialchars_decode function via the /?/publish/ajax/publish_question/ question_content parameter...
Samba 'libsmbclient' Heap Buffer Overflow Vulnerability (Aug 2018)
Samba is prone to a heap based buffer overflow vulnerability.
Arbitrary File Upload Vulnerability in POSCMS v3.2.0 (Free Edition)
POSCMS (PhpOpenSourceCMS) is a PHP and MySQL based, open source, cross-platform web content management system (CMS). POSCMS 3.2.0 free version suffers from an arbitrary file upload vulnerability. An attacker can exploit the vulnerability to write files and execute arbitrary code to gain server...
SQL Injection Vulnerability in POSCMS v3.2.0 (Free Edition) R***.php Page
POSCMS (PhpOpenSourceCMS) is a PHP and MySQL-based, open source, cross-platform web content management system (CMS) developed by China's Tianrui information technology company. A SQL injection vulnerability exists in the R.php page of POSCMS v3.2.0 free version, which is caused by the...
Schneider Electric Evlink Charging Station Elevation of Privilege Vulnerability
The Schneider Electric Evlink Charging Station is a commercial electric vehicle charging solution from the French company Schneider Electric. A security vulnerability exists in the web interface of Schneider Electric Evlink Charging Station prior to version 3.2.0-12v1, which is caused by the...
CVE-2018-7778
In Schneider Electric Evlink Charging Station versions prior to v3.2.0-12v1, the Web Interface has an issue that may allow a remote attacker to gain administrative privileges without properly authenticating remote users...
CVE-2018-11053
Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process...
CVE-2017-1000419
phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function, allowing an attacker to perform port scanning, request internal content, and potentially attack such internal services via the web application...
liblouis: Illegal address access in the _lou_getALine() function
There is an illegal address access in the function _lou_getALine in compileTranslationTable.c:343 in Liblouis 3.2.0...
DEBIAN-CVE-2017-13742
There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function includeFile in compileTranslationTable.c, that will lead to a remote denial of service attack...
Apache OpenMeetings Security Restriction Vulnerability
Apache OpenMeetings is a multi-language, customizable video conferencing and collaboration system developed by the Apache Software Foundation (United States), which supports audio and video and allows users to view each participant's desktop, among other features. A security vulnerability exists in Apac...
CVE-2017-9599
The "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY app before 3.2.0 -- aka fountain-trust-mobile-banking/id891343006 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
Joomla! 'swf' File Upload And Multiple XSS Vulnerabilities
Joomla is prone to swf file upload and multiple cross-site scripting vulnerabilities.
Type confusion
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden...
Pivotal Spring Security Security Bypass Vulnerability
Pivotal Software Spring Security is a suite of security frameworks from Pivotal Software, Inc. that provide illustrative security protection for Spring-based applications. A security bypass vulnerability exists in Spring Security versions 3.2.0 - 3.2.9, 4.0.x - 4.1.3 and 4.2.0. An attacker can...
PT-2016-4060 · Libarchive +2
Name of the Vulnerable Software and Affected Versions: libarchive versions prior to 3.2.0. Description: The issue allows remote attackers to cause a denial of service (crash) via crafted cab files. This is related to "overlapping memcpy" in the archive_string_append function in archive_string.c...
Libarchive Integer Overflow Vulnerability
libarchive is a multi-format archive and compression library. An integer overflow vulnerability exists in libarchive 3.2.0 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary code with the help of specially crafted files...