Grouptime Teamwire Desktop Client 1.5.1 prior to 1.9.0 on Windows allows code injection via a template, leading to remote code execution. All backend versions prior to prod-2018-11-13-15-00-42 are affected. Date published : 2019-06-28 Web...
On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can login with root level access with the user "root" and password "admin" by using the enabled onboard UART headers. Date published : 2019-06-28 http://seclists.org/fulldisclosure/2019/Jun/1 http://seclists.org/fulldisclosure/2019/Jun/1
Various Lexmark devices have a Buffer Overflow (issue 2 of 2). Date published : 2019-06-28 http://support.lexmark.com/index?page=content&id=TE892
Various Lexmark devices have a Buffer Overflow (issue 1 of 2). Date published : 2019-06-28 http://support.lexmark.com/index?page=content&id=TE892
LOYTEC LGATE-902 6.3.2 devices allow XSS. Date published : 2019-06-28 https://seclists.org/fulldisclosure/2019/Apr/12 http://seclists.org/fulldisclosure/2019/Apr/12
LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal. Date published : 2019-06-28 https://seclists.org/fulldisclosure/2019/Apr/12 http://seclists.org/fulldisclosure/2019/Apr/12
LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion. Date published : 2019-06-28 https://seclists.org/fulldisclosure/2019/Apr/12 http://seclists.org/fulldisclosure/2019/Apr/12
Improper Host header sanitization in the dbfilter routing component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows a remote attacker to deny access to the service and to disclose...
The module-description renderer in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier does not disable RST’s local file inclusion, which allows privileged authenticated users to read local files via a crafted...
Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the super-admin password....
Incorrect access control in the Password Encryption module in Odoo Community 9.0 and Odoo Enterprise 9.0 allows authenticated users to change the password of other users without knowing their current password via a crafted...
Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess document...
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote attacker to obtain sensitive information when a specially crafted url causes a stack trace to be dumped. IBM X-Force...
An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects third-party software (not Sigil) that uses...