GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter. Date published : 2019-03-21 https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1300 https://www.netsparker.com/web-applications-advisories/ns-18-056-open-redirection-vulnerability-in-getsimplecms/
The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes poll_id XSS. Date published : 2019-03-21 http://seclists.org/fulldisclosure/2019/Mar/43 https://lists.openwall.net/full-disclosure/2019/02/05/15
The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS. Date published : 2019-03-21 http://seclists.org/fulldisclosure/2019/Mar/42 https://lists.openwall.net/full-disclosure/2019/02/05/14
The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO. Date published : 2019-03-21 http://seclists.org/fulldisclosure/2019/Mar/41 https://lists.openwall.net/full-disclosure/2019/02/05/13
The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS. Date published : 2019-03-21 http://seclists.org/fulldisclosure/2019/Mar/40 https://lists.openwall.net/full-disclosure/2019/02/05/12
The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS. Date published : 2019-03-21 http://seclists.org/fulldisclosure/2019/Mar/39 https://lists.openwall.net/full-disclosure/2019/02/05/11
The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS. Date published : 2019-03-21 http://seclists.org/fulldisclosure/2019/Mar/38 https://lists.openwall.net/full-disclosure/2019/02/05/9
The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php manage_font_id XSS. Date published : 2019-03-21 http://seclists.org/fulldisclosure/2019/Mar/37 https://lists.openwall.net/full-disclosure/2019/02/05/8
An issue was discovered in libcdtdttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in libcgraphgraph.c in libcgraph.a, related to agfstsubg in libcgraphsubg.c. Date published : 2019-03-21 https://security.gentoo.org/glsa/202107-04 https://gitlab.com/graphviz/graphviz/issues/1512
An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server...
Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate. Date published : 2019-03-21 https://support.heimdalsecurity.com/hc/en-us/articles/360001084158-Release-2-5-172-PROD-Update
A code injection issue was discovered in ipycache through 2016-05-31. Date published : 2019-03-21 https://github.com/rossant/ipycache/issues/47
An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collect_yaml method in config_obj.py. It can execute arbitrary Python commands, resulting in command execution. Date published : 2019-03-21 https://github.com/pytroll/donfig/commits/master https://github.com/pytroll/donfig/issues/5