In Webgalamb through 7.0, a system/ajax.php "wgmfile restore" directory traversal vulnerability could lead to arbitrary code execution by authenticated administrator users, because PHP files are restored under the document root directory. Date published :...
wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password. Date published : 2019-03-17 http://packetstormsecurity.com/files/151017/Webgalamb-Information-Disclosure-XSS-CSRF-SQL-Injection.html http://seclists.org/fulldisclosure/2019/Jan/15
subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header. Date published : 2019-03-17 http://packetstormsecurity.com/files/151017/Webgalamb-Information-Disclosure-XSS-CSRF-SQL-Injection.html http://seclists.org/fulldisclosure/2019/Jan/15
wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be...
The Simplenia Pages plugin 2.6.0 for Atlassian Bitbucket Server has XSS. Date published : 2019-03-17 http://packetstormsecurity.com/files/151466/Pages-For-Bitbucket-Server-2.6.0-Cross-Site-Scripting.html https://marketplace.atlassian.com/apps/1212525/pages-for-bitbucket-server/version-history
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_reset_pass() function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user’s...
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_employer_ajax_profile() function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users. Date published...
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body. Date published...
Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter. Date published : 2019-03-17 http://www.webmin.com/index.html http://packetstormsecurity.com/files/151144/Webmin-1.890-Cross-Site-Scripting.html
ColossusCoinXT through 1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which...
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing. Date published : 2019-03-17 https://bestpractical.com/download-page https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPJVDT77ZPRU5Z2BEMZM7EBY6WZHUATZ/
A stored cross-site scripting (XSS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can inject arbitrary script via setup.html in the web interface....
A Denial of Service (DOS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP based communications to...
BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/Default+Admin+View/. Date published : 2019-03-17 https://docs.bmc.com/docs/ars91/en/release-notes-and-notices-609073037.html http://packetstormsecurity.com/files/151021/BMC-Remedy-ITAM-7.1.00-9.1.02.003-Information-Disclosure.html