New vulnerabilities from the NVD: CVE-2016-11021 | | setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter. Published at: March 09, 2020 at 03:15AM View on website March 09, 2020 at 07:48AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-7968 | | nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI. Published at: March 09, 2020 at 04:15PM View on website March 09, 2020 at 06:48PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-7344 | | |
New vulnerabilities from the NVD: CVE-2015-7343 | | |
New vulnerabilities from the NVD: CVE-2016-6918 | | Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files. Published at: March 09, 2020 at 07:15PM View on website March 09, 2020 at 09:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2016-1159 | | In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service. Published at: March 09, 2020 at 07:15PM View on website March 09, 2020 at 09:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-7342 | | JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field. Published at: March 09, 2020 at 07:15PM View on website March 09, 2020 at 09:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-7341 | | JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension. Published at: March 09, 2020 at 07:15PM View on website March 09, 2020 at 09:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-7340 | | JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid in a Manage Events action. Published at: March 09, 2020 at 07:15PM View on website March 09, 2020 at 09:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-7339 | | JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an image file to the /com_jce/editor/libraries/classes/browser.php script. Published at: March 09, 2020 at 07:15PM View on website March 09, 2020 at 09:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-7338 | | SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php. Published at: March 09, 2020 at 07:15PM View on website March 09, 2020 at 09:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2014-1634 | | SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO. Published at: March 09, 2020 at 07:15PM View on website March 09, 2020 at 09:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2016-1487 | | Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization. Published at: March 09, 2020 at 09:15PM View on website March 09, 2020 at 11:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2011-4538 | | Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings. Published at: March 09, 2020 at 09:15PM View on website March 09, 2020 at 11:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2011-3269 | | Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut. Published at: March 09, 2020 at 09:15PM View on website March 09, 2020 at 11:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-10065 | | An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753. Published at: March 10, 2020 at 03:15PM View on website March 10, 2020 at 05:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-18894 | | Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server. Published at: March 10, 2020 at 03:15PM View on website March 10, 2020 at 05:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-14502 | | controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters. Published at: March 10, 2020 at 03:15PM View on website March 10, 2020 at 05:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-10992 | | In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT110461. Published at: March 10, 2020 at 03:15PM View on website March 10, 2020 at 05:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-1096 | | NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection. Published at: March 10, 2020 at 07:15PM View on website March 10, 2020 at 09:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-1094 | | JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed. Published at: March 10, 2020 at 07:15PM View on website March 10, 2020 at 09:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-1101 | | systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure). Published at: March 11, 2020 at 05:15PM View on website March 11, 2020 at 07:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-1753 | | The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request. Published at: March 11, 2020 at 07:15PM View on website March 11, 2020 at 09:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2011-2487 | | The implementations of the PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack. Published at: March 11, 2020 at 06:15PM View on website March 11, 2020 at 09:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2016-1000111 | | Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. Published at: March 11, 2020 at 10:15PM View on website March 12, 2020 at 01:02AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-20586 | | bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call. Published at: March 12, 2020 at 11:15PM View on website March 13, 2020 at 12:49AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-19516 | | messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value. Published at: March 12, 2020 at 11:15PM View on website March 13, 2020 at 12:49AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-10704 | | |
New vulnerabilities from the NVD: CVE-2017-18350 | | bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name. Published at: March 12, 2020 at 11:15PM View on website March 13, 2020 at 12:49AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-3641 | | bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an "Easy" attack. Published at: March 12, 2020 at 11:15PM View on website March 13, 2020 at 12:49AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2009-5159 | | Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment. Published at: March 13, 2020 at 05:15PM View on website March 13, 2020 at 06:49PM via National Vulnerability Database |