NVD: fully analised CVE

Subscribe to NVD: fully analised CVE hírcsatorna
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Frissítve: 30 perc 32 másodperc
2019. július 19.

CVE-2019-13977 (ovidentia)

index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=.
2019. július 19.

CVE-2019-13978 (ovidentia)

Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request.
2019. július 19.

CVE-2019-13972 (layerbb)

LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997.
2019. július 19.

CVE-2019-13973 (layerbb)

LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used.
2019. július 19.

CVE-2019-13974 (layerbb)

LayerBB 1.1.3 allows conversations.php/cmd/new CSRF.
2019. július 19.

CVE-2019-13969 (metinfo)

Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request.
2019. július 19.

CVE-2019-7848 (campaign)

Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Inadequate access control vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
2019. július 19.

CVE-2019-7850 (campaign)

Adobe Campaign Classic version 18.10.5-8984 and earlier versions have a Command injection vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
2019. július 19.

CVE-2019-7941 (campaign)

Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure Through an Error Message vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
2019. július 19.

CVE-2019-7953 (experience_manager)

Adobe Experience Manager version 6.4 and ealier have a Cross-Site Request Forgery vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.
2019. július 19.

CVE-2019-7955 (experience_manager)

Adobe Experience Manager version 6.4 and ealier have a Reflected Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.
2019. július 19.

CVE-2019-7956 (dreamweaver)

Adobe Dreamweaver direct download installer versions 19.0 and below, 18.0 and below have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user.
2019. július 18.

CVE-2019-13961 (flatcore)

A CSRF vulnerability was found in flatCore before 1.5, leading to the upload of arbitrary .php files via acp/core/files.upload-script.php.
2019. július 18.

CVE-2019-13959 (bento4)

In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not handle reallocation failures, leading to a memory copy into a NULL pointer. This is different from CVE-2018-20186.
2019. július 18.

CVE-2019-13951 (gdnsd)

The set_ipv4() function in zscan_rfc1035.rl in gdnsd 3.2.0 has a stack-based buffer overflow via a long and malformed IPv4 address in zone data.
2019. július 18.

CVE-2019-13952 (gdnsd)

The set_ipv6() function in zscan_rfc1035.rl in gdnsd 3.2.0 has a stack-based buffer overflow via a long and malformed IPv6 address in zone data.
2019. július 18.

CVE-2019-1010259 (salt_2018, salt_2019)

SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt (https://github.com/saltstack/salt/blob/develop/salt/modules/mysql.py#L1462). The attack vector is: specially crafted password string. The fixed version is: 2018.3.4.
2019. július 18.

CVE-2019-1010261 (gitea)

Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically crafted URL. The fixed version is: 1.7.1 and later.
2019. július 18.

CVE-2019-1010262 (scapy)

scapy 2.4.0 and earlier is affected by: Denial of Services. The impact is: busy loop forever. The component is: _RADIUSAttrPacketListField class. The attack vector is: a packet sent over the network or in a pcap. The fixed version is: after commit 0d7ae2b039f650a40e511d09eb961c782da025d9.
2019. július 18.

CVE-2019-13948 (syguestbook_a5)

SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element.