TP-Link TL-WR840N devices allow remote attackers to cause a denial of service (networking outage) via fragmented packets, as demonstrated by an "nmap -f" command. Date published : 2019-03-29 TP-Link TL-WR840N devices allow remote attackers...
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files. Date published : 2019-03-29 https://extensions.joomla.org/extension/je-messenger/ https://github.com/azd-cert/CVE/blob/master/CVEs/CVE-2019-9922.md
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user. Date published : 2019-03-29 https://extensions.joomla.org/extension/je-messenger/ https://github.com/azd-cert/CVE/blob/master/CVEs/CVE-2019-9921.md
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to perform an action within the context of the account of another user. Date published : 2019-03-29 https://extensions.joomla.org/extension/je-messenger/...
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when...
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can...
Norton Core prior to v278 may be susceptible to an arbitrary code execution issue, which is a type of vulnerability that has the potential of allowing an individual to execute arbitrary commands or code...
PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Reflected Cross-site Scripting (XSS) via the err value in a .ico picture upload. Date published : 2019-03-29 PHP Scripts Mall Online Lottery PHP Readymade...
PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request Forgery (CSRF) for Edit Profile actions. Date published : 2019-03-29 PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request...
Abine Blur 7.8.2431 allows remote attackers to conduct "Second-Factor Auth Bypass" attacks by using the "Perform a right-click operation to access a forgotten dev menu to insert user passwords that otherwise would require the...
Wolf CMS v0.8.3.1 is affected by cross site scripting (XSS) in the module Add Snippet (/?/admin/snippet/add). This allows an attacker to insert arbitrary JavaScript as user input, which will be executed whenever the affected...
An issue was discovered in HYBBS 2.2. /?admin/user.html has a CSRF vulnerability that can add an administrator account. Date published : 2019-03-29 https://github.com/hyyyp/HYBBS2/issues/3
The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 for GLPI 9.4.x mishandles sendXML actions. Date published : 2019-03-29 https://github.com/fusioninventory/fusioninventory-for-glpi/commit/0f777f85773b18f5252e79afa1929fcdc4858c3a https://github.com/fusioninventory/fusioninventory-for-glpi/compare/260a864…e1f776d
Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via the web/assets/swf/uploadify.php URI, as demonstrated by a .php file with the image/jpeg content type. Date published : 2019-03-29 https://github.com/cobub/razor/issues/168 https://github.com/kyrie403/Vuln/blob/master/Cobub%20Razor/Cobub%20Razor%20-%20file%20upload%20vulnerability.md