In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads. Date published : 2018-11-30 https://support.lenovo.com/us/en/solutions/LEN-23800
An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send...
Improper Neutralization of CRLF Sequences in HTTP Headers (‘HTTP Response Splitting’) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur...
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of...
An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to craft a URL...
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of...
Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated...
Data Center Operation allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature...
An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 http server. A specially crafted IP address can cause a stack overflow,...
An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker...
An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management...
PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php. Date published : 2018-11-30 https://github.com/Athlon1600/php-proxy-app/issues/140 https://github.com/eddietcc/CVEnotes/blob/master/PHP-Proxy/RADME.md
The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion. Date published : 2018-11-30 https://github.com/Athlon1600/php-proxy-app/issues/139 https://github.com/eddietcc/CVE-Bins/blob/master/PHP-Proxy/readme.md
In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool. Date published : 2018-11-30 https://lists.fedoraproject.org/archives/list/[email protected]/message/VUXKCY35PKC32IFHN4RBUCZ75OWEYVJH/ https://bugs.ghostscript.com/show_bug.cgi?id=700301