The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandles sanitization of input values. Date published : 2019-02-05 https://metamorfosec.com/Files/Advisories/METS-2019-003-Denial_of_Service_in_PS_PHPCaptcha_WP_before_v1.2.0.txt PS PHPCaptcha WP
An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/database_backup.php?action=import&dopost=deldir&tbname=../ URI. Date published : 2019-02-05 https://github.com/panghusec/exploit/issues/9
An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. This can be exploited via CSRF. Date published : 2019-02-05 https://github.com/panghusec/exploit/issues/8
Rukovoditel before 2.4.1 allows XSS. Date published : 2019-02-05 https://blog.rukovoditel.net/rukovoditel-2-4-1/ https://www.exploit-db.com/exploits/46608/
On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured...
On BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under certain conditions, the TMM may consume excessive resources when processing SSL Session ID Persistence traffic. Date published : 2019-02-05 http://www.securityfocus.com/bid/106942 https://support.f5.com/csp/article/K55101404
Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will...
WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands. Date published : 2019-02-05 http://www.securityfocus.com/bid/106722 https://ics-cert.us-cert.gov/advisories/ICSA-19-024-01
WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information. Date published : 2019-02-05 http://www.securityfocus.com/bid/106722 https://ics-cert.us-cert.gov/advisories/ICSA-19-024-01
WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data. Date published : 2019-02-05 http://www.securityfocus.com/bid/106722 https://ics-cert.us-cert.gov/advisories/ICSA-19-024-01
Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allow attackers to potentially conduct persistent cross site scripting (XSS) attacks via a crafted object. Date published...
The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker could target traffic sent...
Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events". This attack appears to be exploitable if the attacker can reach the web server. Date...
An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not...