BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file. Date published : 2019-03-29 https://coreymhudson.github.io/bwa_vulnerabilties/ https://github.com/lh3/bwa/pull/232
The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and...
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters. Date published : 2019-03-28 http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/ https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md
LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search. Date published : 2019-03-28 https://cert.enea.pl/advisories/cert-190101.html https://github.com/librenms/librenms/commits/master/html/ajax_table.php
GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x before 11.4.11, and 11.5.x before 11.5.4 has Incorrect Access Control. Date published : 2019-03-28 https://about.gitlab.com/2018/12/13/critical-security-release-gitlab-11-dot-5-dot-4-released/ https://about.gitlab.com/blog/categories/releases/
An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous...
A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset...
PHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter Tampering of the payment amount. Date published : 2019-03-28 PHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter Tampering of the payment amount:[CVE-2019-9864]
SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands. Date published : 2019-03-28 Security Disclosures http://packetstormsecurity.com/files/152496/Nagios-XI-5.5.10-XSS-Remote-Code-Execution.html
Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API. Date published : 2019-03-28 Security Disclosures http://packetstormsecurity.com/files/152496/Nagios-XI-5.5.10-XSS-Remote-Code-Execution.html
Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated users to execute arbitrary code via API key issues. Date published : 2019-03-28 Security Disclosures http://packetstormsecurity.com/files/152496/Nagios-XI-5.5.10-XSS-Remote-Code-Execution.html
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter. Date published : 2019-03-28 https://www.nagios.com/downloads/nagios-xi/change-log/ Security Disclosures
Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php. Date published : 2019-03-28 https://www.nagios.com/downloads/nagios-xi/change-log/ Security Disclosures
SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id. Date published : 2019-03-28 https://www.nagios.com/downloads/nagios-xi/change-log/ Security Disclosures