Monthly Archive: July 2019

cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501). Date published : 2019-07-30 https://documentation.cpanel.net/display/CL/80+Change+Log

cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514). Date published : 2019-07-30 https://documentation.cpanel.net/display/CL/82+Change+Log

cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512). Date published : 2019-07-30 https://documentation.cpanel.net/display/CL/82+Change+Log

cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510). Date published : 2019-07-30 https://documentation.cpanel.net/display/CL/82+Change+Log

cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507). Date published : 2019-07-30 https://documentation.cpanel.net/display/CL/82+Change+Log

cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506). Date published : 2019-07-30 https://documentation.cpanel.net/display/CL/82+Change+Log

cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504). Date published : 2019-07-30 https://documentation.cpanel.net/display/CL/82+Change+Log

J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. Date published : 2019-07-30 https://lib.openmpt.org/libopenmpt/2019/01/22/security-updates-0.4.2-0.3.15-0.2.11253-beta37-0.2.7561-beta20.5-p13-0.2.7386-beta20.3-p16/ http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00085.html

DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. Date published : 2019-07-30 https://lib.openmpt.org/libopenmpt/2019/01/22/security-updates-0.4.2-0.3.15-0.2.11253-beta37-0.2.7561-beta20.5-p13-0.2.7386-beta20.3-p16/ http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00085.html

libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereference when doing a portamento from an OPL instrument to an empty instrument note map slot. Date published : 2019-07-30 https://lib.openmpt.org/libopenmpt/2019/02/11/security-update-0.4.3/

libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files. Date published : 2019-07-30 https://www.debian.org/security/2020/dsa-4729 https://lib.openmpt.org/libopenmpt/2019/05/27/security-update-0.4.5/

A CSRF vulnerability in Settings form in the Custom Simple Rss plugin 2.0.6 for WordPress allows attackers to change the plugin settings. Date published : 2019-07-30 Custom Simple Rss https://wpvulndb.com/vulnerabilities/9483

Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute...

A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...