IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317. Date published : 2019-03-05 http://www.securityfocus.com/bid/107300 https://www.ibm.com/support/docview.wss?uid=ibm10871766
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an attacker to change one of the settings related to InfoSphere Business Glossary Anywhere due to improper access control. IBM X-Force ID: 152528. Date...
IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a...
UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in...
When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to...
phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension. Date published : 2019-03-05 https://www.exploit-db.com/exploits/46486...
In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device. Date published : 2019-03-05 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMA4H6AZFYIR3LA5VKKEJZNCCIVMUCFQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4YCFMSNMXZ7XC4U6WXPQA7JCXC6VOAJ/
The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS. Date published : 2019-03-05 https://lists.openwall.net/full-disclosure/2019/02/05/6 https://security-consulting.icu/blog/2019/02/wordpress-blog2social-xss/
The Quiz And Survey Master plugin 6.0.4 for WordPress allows wp-admin/admin.php?page=mlw_quiz_results quiz_id XSS. Date published : 2019-03-05 https://github.com/QuizandSurveyMaster/quiz_master_next/blob/master/CHANGELOG.md https://lists.openwall.net/full-disclosure/2019/02/05/5
The WP Human Resource Management plugin before 2.2.6 for WordPress does not ensure that a leave modification occurs in the context of the Administrator or HR Manager role. Date published : 2019-03-05 http://www.securityfocus.com/bid/107464 WP...
The WP Human Resource Management plugin before 2.2.6 for WordPress mishandles leave applications. Date published : 2019-03-05 http://www.securityfocus.com/bid/107464 WP Human Resource Management
SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin&c=theme&a=upload by using the .zip extension along with the _Static substring, changing the Content-Type to application/zip, and placing PHP code after the...
An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/system_manage/save.html URI, related to the site_code parameter. Date published : 2019-03-05 https://github.com/yzmcms/yzmcms/issues/11
Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, default to using a PSK that is generated from a 2-part wordlist of known values and a nonce with insufficient entropy. The number...