CVE-2019-9595
AppCMS 2.0.101 allows XSS via the upload/callback.php params parameter. Date published : 2019-03-06 https://github.com/source-trace/appcms/issues/1
BlueCMS 1.6 allows SQL Injection via the user_id parameter in an uploads/admin/user.php?act=edit request. Date published : 2019-03-06 https://github.com/8test/pentest/issues/1
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter. Date published : 2019-03-06 https://www.exploit-db.com/exploits/46666/ http://packetstormsecurity.com/files/152431/ShoreTel-Connect-ONSITE-Cross-Site-Scripting-Session-Fixation.html
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. Date published : 2019-03-06 https://www.exploit-db.com/exploits/46666/ http://packetstormsecurity.com/files/152431/ShoreTel-Connect-ONSITE-Cross-Site-Scripting-Session-Fixation.html
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 allows remote attackers to inject arbitrary web script or HTML via the brandUrl parameter. Date published : 2019-03-06 https://www.exploit-db.com/exploits/46666/ http://packetstormsecurity.com/files/152431/ShoreTel-Connect-ONSITE-Cross-Site-Scripting-Session-Fixation.html
An issue was discovered on TENGCONTROL T-920 PLC v5.5 devices. It allows remote attackers to cause a denial of service (persistent failure mode) by sending a series of \x19\xb2\x00\x00\x00\x06\x43\x01\x00\xac\xff\x00 (aka UID 0x43) requests to...
There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an...
There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker...
There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker...
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...
A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions...
A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The...
A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete...
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level by executing commands authorized to other user roles. The attacker must authenticate...