During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could...
index.js in oauth2orize-fprm before 0.2.1 has XSS via a crafted URL. Date published : 2018-06-17 https://github.com/jaredhanson/oauth2orize-fprm/blob/master/SECURITY-NOTICE.md https://github.com/jaredhanson/oauth2orize-fprm/commit/2bf9faee787eb004abbdfb6f4cc2fb06653defd5
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking. Date...
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows. Date published : 2018-06-17 http://www.securityfocus.com/bid/104553...
Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injection in the POST parameters txUserName and txPassword. Date published : 2018-06-17 https://gist.github.com/dmblbc/14a77036a9562407194c3cf3ee3f265e
SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid. Date published : 2018-06-17 https://www.exploit-db.com/exploits/44867/ Registration Forms – User...
PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validation of the Collaborator server certificate, which might allow man-in-the-middle attackers to obtain interaction data. Date published : 2018-06-17 http://releases.portswigger.net/2018/06/1734.html https://hackerone.com/reports/337680
tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tinyexr.h. Date published : 2018-06-16 https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_b53a457 https://github.com/syoyo/tinyexr/issues/82
tinyexr 0.9.5 has a heap-based buffer over-read in LoadEXRImageFromMemory in tinyexr.h. Date published : 2018-06-16 https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_b53a457 https://github.com/syoyo/tinyexr/issues/81
Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. Date published : 2018-06-16 https://www.nagios.com/downloads/nagios-fusion/change-log/
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream. Date published...
User process can perform the kernel DOS in ashmem when doing cache maintenance operation in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. Date published...
The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege management....
The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it’s available to create an executable file with System privilege by...