Mellow Fish YetiShare Information Disclosure Vulnerability
Mellow Fish YetiShare is a PHP-based file hosting web system script from Mellow Fish UK. A security vulnerability exists in the accountforgotpassword.ajax.php file in Mellow Fish YetiShare versions 3.5.2 through 4.5.3. An attacker can exploit the vulnerability to enumerate user accounts by guessi...
CVE-2019-19733
getallfileserverpaths.ajax.php aka getallfileserverpaths.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 does not sanitize or encode the output from the fileIds parameter on the page, which would allow an attacker to input HTML or execute scripts on the site, aka XSS...
ezXML Code Problem Vulnerability
ezXML is an XML document parsing library. A code issue vulnerability exists in ezXML versions 0.8.2 through 0.8.6. The vulnerability arises from a design or implementation issue during code development of a networked system or product. An attacker could exploit the vulnerability to cause a NULL...
101 (>=0.3.0 <=0.7.1), 3c (>=0.0.1 <=1.0.0-alpha) +3347 more potentially affected by CVE-2019-19919 via handlebars (>=1.0.10 <=3.0.7)
handlebars NPM version =1.0.10, =0.3.0, =0.0.1, =0.0.1, =1.0.0, =1.0.1, =1.0.0, =1.31.0, =0.1.16, =0.9.33, =0.9.33, =5.0.2, =5.0.3, =5.0.6, =5.0.7 and more Source cves: CVE-2019-19919 Source advisory: OSV:GHSA-W457-6Q6X-CGP9...
chellow (>=2050.0.0 <=2231.0.0), dcicsnovault (>=2.0.0b0 <=2.0.0b11) +11 more potentially affected by CVE-2019-16789 via waitress (>=0.8.10 <=1.4.0)
waitress PYPI version =0.8.10, =2050.0.0, =2.0.0b0, =1.4.0, =17.4.0, =1.1.0.dev20170908, =1.3.7, =0.9.1, =1.0.3, =1.0.5 Source cves: CVE-2019-16789 Source advisory: OSV:PYSEC-2019-138...
CVE-2019-6022
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function...
chellow (>=2050.0.0 <=2230.0.0), dcicsnovault (>=2.0.0b0 <=2.0.0b11) +11 more potentially affected by CVE-2019-16785 via waitress (>=0.8.10 <=1.3.1)
waitress PYPI version =0.8.10, =2050.0.0, =2.0.0b0, =1.4.0, =17.4.0, =1.1.0.dev20170908, =1.3.7, =0.9.1, =1.0.3, =1.0.4 Source cves: CVE-2019-16785 Source advisory: OSV:PYSEC-2019-136...
Arbitrary File Upload Vulnerability in Contao
Contao is an open source content management system (CMS) developed using PHP. The system supports search engines, rights management and CSS frameworks. A vulnerability exists in Contao versions 4.0 through 4.8.5. An attacker can exploit the vulnerability to upload arbitrary files and execute them o...
Cyxtera Technologies Unspecified Vulnerability in Cyxtera AppGate SDP Client
Cyxtera Technologies Cyxtera AppGate SDP is a software-defined network border protection solution from Cyxtera Technologies, U.S.A. Cyxtera AppGate SDP Client is one of the client programs. A security vulnerability exists in Cyxtera Technologies Cyxtera AppGate SDP Client versions 4.1.x through...
IBM WebSphere Application Server Liberty Cross-Site Scripting Vulnerability
IBM WebSphere Application Server Liberty is a Java application server from IBM (USA), built on the Open Liberty project. A cross-site scripting vulnerability exists in IBM WebSphere Application Server Liberty versions 17.0.0.3 through 19.0.0.11. A remote attacker can exploit this...
GitLab Information Disclosure Vulnerability (CNVD-2020-20438)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Enterprise...
IBM Tivoli Netcool Impact Cross-Site Scripting Vulnerability
IBM Tivoli Netcool Impact is a suite of network management software from IBM in the United States. The software has the ability to automate business-critical functions and provide a platform that provides unified access to real-time data, events and indicators. A cross-site scripting vulnerabilit...
Unspecified Vulnerability in Unbound IPSec Module
Unbound is a DNS resolver that supports validation, recursion and caching. IPSec (Internet Protocol Security) is one of its modules. A security vulnerability exists in the IPSec module in Unbound versions 1.6.4 through 1.9.4, which can be exploited by an attacker to execute shell code with the he...
ALPINE-CVE-2019-18934
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with --enable-ipsecmod support, and ipsecmod is enabled and used in the configuration...
Exhibitor Command Injection Vulnerability
Exhibitor is the supervisor service used to manage ZooKeeper server instances. A command injection vulnerability in the Config editor in Exhibitor versions 1.0.9 through 1.7.1 can be exploited by an attacker to execute any command as the user running the Exhibitor process by inserting arbitrary...
Apache Impala Access Control Error Vulnerability
Apache Impala is a large-scale, distributed, parallel processing database query system from the Apache Software Foundation (USA). The system can query petabytes of big data stored in the Hadoop HDFS distributed file system and the HBase database. A...
net.kieker-monitoring:analysis (>=2.0.0 <=2.0.3), org.apache.nutch:nutch (=1.10) potentially affected by CVE-2019-12406 via org.apache.cxf:cxf (>=2.7.18 <=3.0.4)
org.apache.cxf:cxf MAVEN version =2.7.18, =2.0.0, =2.0.3 - org.apache.nutch:nutch =1.10 Source cves: CVE-2019-12406 Source advisory: OSV:GHSA-58P8-9G59-Q2HR...
GitLab has an unspecified vulnerability (CNVD-2019-42897)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Enterprise and...
jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.
A new polymorphic typing flaw was discovered in FasterXML jackson-databind, versions 2.x through 2.9.9. With default typing enabled, an attacker can send a specifically crafted JSON message to the server that allows them to read arbitrary local files...
glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress
filecopyfallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used...