15 matches found
CVE-2020-6937
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion...
BIT-RABBITMQ-2020-5419
RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking...
SUSE CVE-2020-5419
RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking...
WordPress 3.8.x < 3.8.39 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A SQL injection vulnerability within the Link API. - A Cross-Site Scripting (XSS) vulnerability on the Plugins screen. - An output escaping issue within the_meta. Note that t...
PT-2020-18471 · Pivotal +1 · Rabbitmq
Name of the Vulnerable Software and Affected Versions: RabbitMQ versions 3.8.x prior to 3.8.7 Description: The issue allows for arbitrary code execution due to a Windows-specific binary planting security vulnerability. An attacker with write privileges to the RabbitMQ installation directory and...
Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation
Exploit Title: Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation Discovered by: Elwood Buck & Nolan B. Kennedy of Mindpoint Group Exploit Author: Nolan B. Kennedy (nxkennedy) Discovery date: 2019-09-20 Vendor Homepage: https://www.kronos.com/products/kronos-webta Version: 3.8.x - 4.0...
Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation
Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation Exploit Title: Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation Discovered by: Elwood Buck & Nolan B. Kennedy of Mindpoint Group Exploit Author: Nolan B. Kennedy (nxkennedy) Discovery date: 2019-09-20 Vendor Homepage:...
WordPress 3.8.x < 3.8.17 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A remote code execution vulnerability exists in the PHPMailer component in the class.phpmailer.php script due to improper handling of sender email addresses. An...
Joomla! 3.8.x < 3.8.2 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by an authentication bypass and multiple information disclosure vulnerabilities. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
Design/Logic Flaw
model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records...
WordPress < 3.7.6 / 3.8.x < 3.8.6 / 3.9.x < 3.9.4 / 4.1.x < 4.1.2 Multiple Vulnerabilities
UBUNTU-CVE-2013-3372
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors...
PT-2009-6116 · Best Practical Solutions · Rt
Name of the Vulnerable Software and Affected Versions: Best Practical Solutions RT versions 3.4.6 through 3.8.4 Best Practical Solutions RT versions 3.6.x through 3.6.8 Best Practical Solutions RT versions 3.8.x through 3.8.4 Description: A cross-site scripting (XSS) issue allows remote attackers t...
Cross site request forgery (csrf)
The jumpUrl mechanism in class.tslibfe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request...
Tcpdump 3.8.x - 'rt_routing_info' Infinite Loop Denial of Service
tcpdump 3.8.x: BGP RT_ROUTING_INFO infinite loop DOS. by: vade79/v9 [email protected] fakehalo/realhalo compile: gcc xtcpdump-bgp-dos.c -o xtcpdump-bgp-dos gcc xtcpdump-bgp-dos.c -o xtcpdump-bgp-dos -DUSESYN tcpdump homepage/URL: http://www.tcpdump.org fix: this appears to have been fixed in the alph...