Monthly Archive: May 2019

lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a CDATA section. Date published : 2019-05-13 https://github.com/jonschlinkert/remarkable/issues/331

Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges. Date published : 2019-05-13 https://go-review.googlesource.com/c/go/+/176619

The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual-theme-customizer) plugin before 7.2.1 for WordPress allows yp_option_update CSRF, as demonstrated by use of yp_remote_get to obtain admin access. Date published : 2019-05-13 Visual CSS Style Editor...

KonaKart 8.9.0.0 is vulnerable to Remote Code Execution by uploading a web shell as a product category image. Date published : 2019-05-13 Patch Releases

A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is...

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field on the "DNS Functions > "Add DNS Zone" screen. Date...

An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a n character, then the program runs into a heap-based buffer over-read. This occurs...

A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct...

eyeDisk implements the unlock feature by sending a cleartext password. The password can be discovered by sniffing USB traffic or by sending a 06 05 52 41 01 b0 00 00 00 00 00...

A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f,...

OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). Date published : 2019-05-10 https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html http://app.com

OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure. Date published : 2019-05-10 https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html http://app.com

OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation). Date published : 2019-05-10 http://openmrs-module-htmlformentry.com http://openmrs.com

Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login...