288 matches found
PT-2020-13926
Name of the Vulnerable Software and Affected Versions: Trezor One versions prior to 1.9.1 Trezor Model T versions prior to 2.3.1 Description: The issue in the Bitcoin protocol specification, specifically BIP-143, mishandles the signing of a Segwit transaction. This allows attackers to trick a use...
PT-2020-15356 · Jenkins · Credentials Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins Zephyr Enterprise Test Management Plugin versions 1.9.1 and earlier Description: The issue concerns the storage of the Zephyr password in plain text on the Jenkins master file system, specifically in the global configuration file...
File deletion vulnerability in ourphp v1.9.1 backend
OURPHP is Harbin Weicheng Technology Co., Ltd. developed a PHP + MySQL based on the development of W3C standards-compliant building system. ourphp v1.9.1 arbitrary file deletion vulnerability exists in the background. Attackers can use this vulnerability to delete website files, the integrity of...
CVE-2019-9647
Gila CMS 1.9.1 has XSS...
xss vulnerability exists in Xinhoo Collaboration Office v1.9.1
Xinhuo Co-operation Office System is an open source and cross-platform office system. A xss vulnerability exists in Xinhao Collaboration Office v1.9.1, which can be exploited by attackers to obtain an administrator cookie...
Code Injection in morgan
Verisons of morgan before 1.9.1 are vulnerable to code injection when user input is allowed into the filter or combined with a prototype pollution attack. Recommendation Update to version 1.9.1 or later...
haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash
A flaw was found in HAProxy, versions before 1.8.17 and 1.9.1. Mishandling occurs when a priority flag is set on too short HEADERS frame in the HTTP/2 decoder, allowing an out-of-bounds read and a subsequent crash to occur. A remote attacker can exploit this flaw to cause a denial of service. Tho...
USN-3439-1 ruby1.9.1 vulnerabilities
It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. CVE-2017-0898 Yusuke Endoh discovered that Ruby incorrectly handled certain files. An attacker could use this to execute terminal escape sequences. CVE-2017-0899 Yusuke Endoh...
Cross-Site Scripting Vulnerability in WordPress Content Audit Plugin
WordPress is a use of PHP language development blog platform, users can support PHP and MySQL database server set up their own weblog. A cross-site scripting vulnerability exists in the WordPress Content Audit version 1.9.1 plugin, which allows unauthenticated remote attackers to execute arbitrar...
ALPINE-CVE-2017-14727
logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized...
CVE-2017-6304
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read."...
CVE-2017-6303
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer Overflow."...
CVE-2017-6301
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "4 of 9. Out of Bounds Reads."...
CVE-2017-6302
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow."...
WordPress Plugin WassUp Real Time Analytics 1.9 - Persistent Cross-Site Scripting
WordPress Plugin WassUp Real Time Analytics 1.9 - Persistent Cross-Site Scripting Source: https://sumofpwn.nl/advisory/2016/persistentcrosssitescriptinginwassuprealtimeanalyticswordpressplugin.html Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin Abstract A stored...
WordPress Plugin WassUp Real Time Analytics 1.9 - Persistent Cross-Site Scripting
Source: https://sumofpwn.nl/advisory/2016/persistentcrosssitescriptinginwassuprealtimeanalyticswordpressplugin.html Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin Abstract A stored Cross-Site Scripting XSS vulnerability has been found in the WassUp Real Time...
OwnCloud Android Local Security Bypass Vulnerability
OwnCloud is a free and open source personal cloud storage solution from the German company OwnCloud.OwnCloud for Android is one of the Android versions. A local security bypass vulnerability exists in OwnCloud for Android versions prior to 1.9.1. A local attacker can exploit this vulnerability to...
WordPress Quasar Theme 1.9.1 Privilege Escalation
------------------------------------------------------------------------------ WordPress Quasar Theme Previlege Escalation ------------------------------------------------------------------------------ - Theme Link:...
Ruby <= 1.9.1 WEBrick Terminal Escape Sequence in Logs Command Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37710/info Ruby WEBrick is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in log files. Attackers can exploit this issue to execute arbitrary commands in a terminal...
WordPress Plugin NextGEN Gallery 1.9.1 - 'photocrati_ajax' Arbitrary File Upload
source: https://www.securityfocus.com/bid/68414/info The NextGEN Gallery plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in an arbitrary code...