An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials. Date published...
A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the ‘name’ parameter within the Account Information page. Exploitation of this vulnerability allows an attacker to execute arbitrary JavaScript code within the auto...
An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area. Date published : 2019-06-19 https://github.com/94fzb/zrlog/issues/38 https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
VTech Storio Max before 56.D3JM6 allows remote command execution via shell metacharacters in an Android activity name. It exposes the storeintenttranslate.x service on port 1668 listening for requests on localhost. Requests submitted to this...
An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum is able to escalate privilege to the forum administrator without any form of user...
The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices has a Buffer Overflow. Date published : 2019-06-19 https://fortiguard.com/zeroday/FG-VD-18-036 https://www.sony.co.uk/electronics/support/articles/00201041
The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Directory Traversal. Date published : 2019-06-19 https://fortiguard.com/zeroday/FG-VD-18-036 https://www.sony.co.uk/electronics/support/articles/00201041
The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Shell Metacharacter Injection. Date published : 2019-06-19 https://fortiguard.com/zeroday/FG-VD-18-036 https://www.sony.co.uk/electronics/support/articles/00201041
In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files...
An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an ‘
DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other...
An issue was discovered on TP-Link TL-WR1043ND V2 devices. The credentials can be easily decoded and cracked by brute-force, WordList, or Rainbow Table attacks. Specifically, credentials in the "Authorization" cookie are encoded with URL...
An issue was discovered on TP-Link TL-WR1043ND V2 devices. An attacker can send a cookie in an HTTP authentication packet to the router management web interface, and fully control the router without knowledge of...
An issue was discovered in Corel PaintShop Pro 2019 21.0.0.119. An integer overflow in the jp2 parsing library allows an attacker to overwrite memory and to execute arbitrary code. Date published : 2019-06-19 https://github.com/ereisr00/bagofbugz/tree/master/CorelPaintShop2019