CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information. Date published : 2018-09-27 http://packetstormsecurity.com/files/149571/CMS-ISWEB-3.5.3-SQL-Injection.html https://cxsecurity.com/issue/WLB-2018090249
Delta Electronics Delta Industrial Automation PMSoft v2.11 or prior has an out-of-bounds read vulnerability that can be executed when processing project files, which may allow an attacker to read confidential information. Date published :...
It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this...
Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If the...
Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings. Date published : 2018-09-26 https://inedo.com/blog/proget-50-beta5-released https://inedo.myjetbrains.com/youtrack/issue/PG-1118
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data. Date published : 2018-09-26 http://www.securityfocus.com/bid/105194 https://www.usa.philips.com/healthcare/about/customer-support/product-security
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not properly restrict the size or amount of resources requested or influenced by an actor, which can be used to consume more...
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. When authenticating a user or otherwise establishing a new user session, the software gives an attacker the opportunity to steal authenticated sessions without invalidating any...
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not validate input properly, allowing an attacker to craft the input in a form that is not expected by the rest of...
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor. Date published : 2018-09-26 http://www.securityfocus.com/bid/105194 https://www.usa.philips.com/healthcare/about/customer-support/product-security
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is...
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request....
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel...
Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001, Agassi-W09 AGS-W09C100B257CUSTC100D001, AGS-W09C128B252CUSTC128D001, AGS-W09C170B252CUSTC170D001, AGS-W09C229B251CUSTC229D001, AGS-W09C331B003CUSTC331D001, AGS-W09C794B001CUSTC794D001, Baggio2-U01A BG2-U01C100B160CUSTC100D001, BG2-U01C170B160CUSTC170D001, BG2-U01C199B162CUSTC199D001, BG2-U01C209B160CUSTC209D001, BG2-U01C333B160CUSTC333D001, Bond-AL00C Bond-AL00CC00B201, Bond-AL10B Bond-AL10BC00B201, Bond-TL10B Bond-TL10BC01B201, Bond-TL10C Bond-TL10CC01B131, Haydn-L1JB HDN-L1JC137B068, Kobe-L09A KOB-L09C100B252CUSTC100D001, KOB-L09C209B002CUSTC209D001,...