New vulnerabilities from the NVD: CVE-2019-16956 | | |
New vulnerabilities from the NVD: CVE-2019-4728 | | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges. IBM X-Force ID: 172452. Published at: January 05, 2021 at 05:15PM View on website January 05, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-20484 | | An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload project files by opening the Project URL directly in the browser after logging in. Published at: January 06, 2021 at 12:15AM View on website January 06, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-20483 | | An issue was discovered in Viki Vera 4.9.1.26180. An attacker could set a user's last name to an XSS Payload, and read another user's cookie and use that to login to the application. Published at: January 05, 2021 at 11:15PM View on website January 06, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-10658 | | The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteImage API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization. Published at: January 06, 2021 at 04:15PM View on website January 06, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-10657 | | The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM web console's ImportAlertRules feature. The vulnerability allows a remote attacker (with admin or config-admin privileges in the console) to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization. Published at: January 06, 2021 at 04:15PM View on website January 06, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-10656 | | The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouseWithChunksV2 API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization. Published at: January 06, 2021 at 04:15PM View on website January 06, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-10655 | | The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouse API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization. Published at: January 06, 2021 at 04:15PM View on website January 06, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-13545 | | An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer; when this buffer is later used, the application writes outside its bounds, resulting in heap-based memory corruption. An attacker can entice the victim to open a document to trigger this vulnerability. Published at: January 06, 2021 at 05:15PM View on website January 06, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-13544 | | An exploitable sign extension vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to sign-extend a length used to terminate a loop, which can later result in the loop’s index being used to write outside the bounds of a heap buffer during the reading of file data. An attacker can entice the victim to open a document to trigger this vulnerability. Published at: January 06, 2021 at 05:15PM View on website January 06, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-10001 | | The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to conduct brute-force authentication attempts. Published at: January 06, 2021 at 05:15PM View on website January 06, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-16962 | | Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report. Published at: January 06, 2021 at 07:15PM View on website January 06, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-16954 | | SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket. Published at: January 06, 2021 at 07:15PM View on website January 06, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-25498 | | Cross Site Scripting (XSS) vulnerability in Beetel router 777VR1 can be exploited via the NTP server name in System Time and "Keyword" in URL Filter. Published at: January 07, 2021 at 12:15AM View on website January 07, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-24902 | | Quixplorer <=2.4.1 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. Published at: January 07, 2021 at 03:15PM View on website January 07, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-24901 | | The default installation of Krpano Panorama Viewer version <=1.20.8 is vulnerable to Reflected XSS due to insecure remote js load in file viewer/krpano.html, parameter plugin[test].url. Published at: January 07, 2021 at 03:15PM View on website January 07, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-24900 | | The default installation of Krpano Panorama Viewer version <=1.20.8 is prone to Reflected XSS due to insecure XML load in file /viewer/krpano.html, parameter xml. Published at: January 07, 2021 at 03:15PM View on website January 07, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-13573 | | A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability. Published at: January 07, 2021 at 08:15PM View on website January 07, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-20316 | | Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode. Published at: January 07, 2021 at 08:15PM View on website January 07, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-20315 | | Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a race condition that can cause a stack-based buffer overflow or an out-of-bounds read. Published at: January 07, 2021 at 08:15PM View on website January 07, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-20314 | | Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCheckLicence race condition that can cause a stack-based buffer overflow or an out-of-bounds read. Published at: January 07, 2021 at 08:15PM View on website January 07, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-20313 | | Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyPreviewAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. Published at: January 07, 2021 at 08:15PM View on website January 07, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-20312 | | Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode. Published at: January 07, 2021 at 07:15PM View on website January 07, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-20311 | | Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCPDFAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. Published at: January 07, 2021 at 07:15PM View on website January 07, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-20310 | | Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. Published at: January 07, 2021 at 07:15PM View on website January 07, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-20309 | | Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyGetAppEdition race condition that can cause a stack-based buffer overflow or an out-of-bounds read. Published at: January 07, 2021 at 07:15PM View on website January 07, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-19418 | | Foxit PDF ActiveX before 5.5.1 allows remote code execution via command injection because of the lack of a security permission control. Published at: January 07, 2021 at 07:15PM View on website January 07, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-18689 | | The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Architect 6, PDF Editor 6 Pro, PDF Experte 9 Ultimate, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, PDF-XChange Editor and Viewer, Perfect PDF 10 Premium, Perfect PDF Reader, Soda PDF, and Soda PDF Desktop. Published at: January 07, 2021 at 08:15PM View on website January 07, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-18688 | | The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium, and Perfect PDF Reader. Published at: January 07, 2021 at 08:15PM View on website January 07, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-13452 | | In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow an attacker to overwrite the file, which can lead to denial of service or code execution. Published at: January 08, 2021 at 12:15AM View on website January 08, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-13451 | | An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros. Published at: January 08, 2021 at 12:15AM View on website January 08, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-13450 | | A directory traversal vulnerability in the file upload function of Gotenberg through 6.2.1 allows an attacker to upload and overwrite any writable files outside the intended folder. This can lead to DoS, a change to program behavior, or code execution. Published at: January 08, 2021 at 12:15AM View on website January 08, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-13449 | | A directory traversal vulnerability in the Markdown engine of Gotenberg through 6.2.1 allows an attacker to read any container files. Published at: January 08, 2021 at 12:15AM View on website January 08, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-18643 | | Rock RMS versions before 8.10 and versions 9.0 through 9.3 fail to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypassed by adding multiple spaces and periods after the file name. This could allow an attacker to upload ASPX code and gain remote code execution on the application. The application typically runs as LocalSystem as mandated in the installation guide. Patched in versions 8.10 and 9.4. Published at: January 07, 2021 at 11:15PM View on website January 08, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-18642 | | Rock RMS versions before 8.6 are vulnerable to account takeover by tampering with the user ID parameter in the profile update feature. The lack of validation and use of sequential user IDs allows any user to change account details of any other user. This vulnerability could be used to change the email address of another account, even the administrator account. Upon changing another account's email address, performing a password reset to the new email address could allow an attacker to take over any account. Published at: January 07, 2021 at 11:15PM View on website January 08, 2021 at 01:36AM via National Vulnerability Database |