OMERO before 5.0.6 has multiple CSRF vulnerabilities because the framework for OMERO’s web interface lacks CSRF protection. Date published : 2019-03-31 http://lists.openmicroscopy.org.uk/pipermail/ome-users/2014-November/004871.html https://www.openmicroscopy.org/security/advisories/2014-SV3-csrf/
Domoticz before 4.10579 neglects to categorize n and r as insecure argument options. Date published : 2019-03-31 https://www.exploit-db.com/exploits/46773/ http://packetstormsecurity.com/files/152678/Domoticz-4.10577-Unauthenticated-Remote-Command-Execution.html
treeRead in hdf/btree.c in libmysofa before 0.7 does not properly validate multiplications and additions. Date published : 2019-03-31 https://github.com/hoene/libmysofa/commit/d39a171e9c6a1c44dbdf43f9db6c3fbd887e38c1 https://github.com/hoene/libmysofa/compare/49aa1c7…2ed84bb
Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage in WebServer.cpp. Date published : 2019-03-31 https://www.exploit-db.com/exploits/46773/ http://packetstormsecurity.com/files/152678/Domoticz-4.10577-Unauthenticated-Remote-Command-Execution.html
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI. Date published : 2019-03-30 https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI. Date published : 2019-03-30 https://github.com/scarvell/grandstream_exploits https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1
On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password. Date published : 2019-03-30 https://github.com/scarvell/grandstream_exploits https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1
Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field. Date published : 2019-03-30 https://github.com/scarvell/grandstream_exploits https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1
Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field. Date published : 2019-03-30 https://github.com/scarvell/grandstream_exploits https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1
Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call. Date published : 2019-03-30 https://github.com/scarvell/grandstream_exploits https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1
Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request. Date published : 2019-03-30 https://github.com/scarvell/grandstream_exploits https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1
Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply update_nds_webroot_from_tmp API call. Date published : 2019-03-30 https://github.com/scarvell/grandstream_exploits https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1
Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a...
The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in Long Range Zip (aka lrzip) 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a...