A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0596, CVE-2019-0597, CVE-2019-0598,...
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique...
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591,...
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0590, CVE-2019-0593,...
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0591, CVE-2019-0593,...
A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka ‘Microsoft Office Security...
NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field. Date published : 2019-03-04...
NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted...
The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delete permission. Date published : 2019-03-04 https://lists.openwall.net/full-disclosure/2019/02/05/4 https://security-consulting.icu/blog/2019/02/wordpress-forminator-persistent-xss-blind-sql-injection/
The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll. Date published : 2019-03-04 https://lists.openwall.net/full-disclosure/2019/02/05/4 https://security-consulting.icu/blog/2019/02/wordpress-forminator-persistent-xss-blind-sql-injection/
FlarumChina v0.1.0-beta.7C has SQL injection via a /?q= request. Date published : 2019-03-04 http://www.iwantacve.cn/index.php/archives/127/
Druide Antidote RX, HD, 8 before 8.05.2287, 9 before 9.5.3937 and 10 before 10.1.2147 allows remote attackers to steal NTLM hashes or perform SMB relay attacks upon a direct launch of the product, or...
In BlueMind 3.5.x before 3.5.11 Hotfix 7 and 4.x before 4.0-beta3, the contact application mishandles temporary uploads. Date published : 2019-03-04 http://git.bluemind.net/bluemind/commit/b11aa12d3c2f4c5dac4f9059f8b6bac1bf873244 https://forum.bluemind.net/viewtopic.php?pid=8049#p8049
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3, iTunes 12.9.3 for Windows. A sandboxed process may be able to...