A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Date published : 2019-05-20 http://www.securityfocus.com/bid/108437 https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10076
In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header. Date published : 2019-05-19 https://github.com/fekberg/GoHttp/issues/18
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST...
There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136....
In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF)...
Improper directory permissions in the installer for Intel(R) PROSet/Wireless WiFi Software version 20.100 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. Date published : 2019-05-17 http://www.securityfocus.com/bid/108387...
An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and later but before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. The runner registration token in the CI/CD settings could...
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol. Date published : 2019-05-17 http://packetstormsecurity.com/files/160516/GitLab-11.4.7-Remote-Code-Execution.html http://packetstormsecurity.com/files/160699/GitLab-11.4.7-Remote-Code-Execution.html
An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php. Date published : 2019-05-17 https://github.com/openemr/openemr/commit/4963fe4932a0a4e1e982642226174e9931d09541 https://www.open-emr.org/wiki/index.php/OpenEMR_Patches#5.0.1_Patch_.289.2F9.2F18.29
An issue was discovered in OpenEMR before 5.0.1 Patch 7. Directory Traversal exists via docid=../ to /portal/lib/download_template.php. Date published : 2019-05-17 https://github.com/openemr/openemr/commit/4963fe4932a0a4e1e982642226174e9931d09541 https://www.open-emr.org/wiki/index.php/OpenEMR_Patches#5.0.1_Patch_.289.2F9.2F18.29
An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php. Date published : 2019-05-17 https://github.com/openemr/openemr/commit/3e22d11c7175c1ebbf3d862545ce6fee18f70617 https://www.open-emr.org/wiki/index.php/OpenEMR_Patches#5.0.1_Patch_.289.2F9.2F18.29
In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkic_Fjicube_32 named pipe. One of these message processing functions attempts to dynamically load...
HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php. Date published : 2019-05-17 https://www.exploit-db.com/exploits/46429/ http://packetstormsecurity.com/files/151779/HotelDruid-2.3-Cross-Site-Scripting.html
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype. Date published : 2019-05-17 https://www.exploit-db.com/exploits/46425/ http://seclists.org/fulldisclosure/2019/Feb/45