NVD: fully analyzed CVE

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 1 hour 59 minutes ago
March 22, 2019

CVE-2019-9925 (s-cms)

S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter.
March 22, 2019

CVE-2019-9927 (caret)

Caret before 2019-02-22 allows Remote Code Execution.
March 22, 2019

CVE-2019-9912 (wp_google_maps)

The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO.
March 22, 2019

CVE-2019-9913 (wp_live_chat_support)

The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS.
March 22, 2019

CVE-2019-9915 (getsimplecms)

GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter.
March 21, 2019

CVE-2019-9894 (putty)

A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.
March 21, 2019

CVE-2019-9895 (putty)

In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.
March 21, 2019

CVE-2019-9896 (putty)

In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.
March 21, 2019

CVE-2019-9897 (putty)

Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.
March 21, 2019

CVE-2019-9898 (putty)

Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.
March 21, 2019

CVE-2019-7429 (property_rental_software)

PHP Scripts Mall Property Rental Software 2.1.4 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2016/08 directory.
March 21, 2019

CVE-2019-7430 (image_sharing_script)

PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the Search Bar.
March 21, 2019

CVE-2019-7431 (image_sharing_script)

PHP Scripts Mall Image Sharing Script 1.3.4 has directory traversal via a direct request for a listing of an uploads directory.
March 21, 2019

CVE-2019-7433 (rental_bike_script)

PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.
March 21, 2019

CVE-2019-7434 (rental_bike_script)

PHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory.
March 21, 2019

CVE-2019-7422 (manageengine_netflow_analyzer)

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter.
March 21, 2019

CVE-2019-7423 (manageengine_netflow_analyzer)

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter.
March 21, 2019

CVE-2019-7424 (manageengine_netflow_analyzer)

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. The latter is related to CVE-2009-3903.
March 21, 2019

CVE-2019-7425 (manageengine_netflow_analyzer)

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter.
March 21, 2019

CVE-2019-7416 (documentum_webtop)

XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in "/webtop/help/en/default.htm" is vulnerable.