In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a ‘|’ character followed by a command. Date...
The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. If the ZoomOpener daemon (aka the hidden web server) is running, but the Zoom Client is not installed...
XSS exists in Ping Identity Agentless Integration Kit before 1.5. Date published : 2019-07-11 https://support.pingidentity.com/s/document-item?bundleId=integrations&topicId=Integration_Kits%2FAgentless%2FagentlessIK_c_changelog.html http://seclists.org/fulldisclosure/2019/Aug/33
D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console. Date published : 2019-07-11 ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/csrf.txt
D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the /www/apply_sec.cgi html_response_return_page parameter. Date published : 2019-07-11 ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/crosssitescripting.txt
D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter. Date published : 2019-07-11 ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/commandinjection.txt
D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter. Date published : 2019-07-11 ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/setupwizard.txt
hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection. Date published : 2019-07-11 https://www.exploit-db.com/exploits/47034
@nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mishandles object keys, leading to XSS. Date published : 2019-07-11 https://github.com/nuxt/devalue/pull/8 https://github.com/nuxt/devalue/releases/tag/v1.2.3
The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1. Date published : 2019-07-11 https://github.com/ivoschyk-cs/CVE-s/blob/master/Appointment%20Hour%20Booking%20%E2%80%93%20WordPress%20Booking%20Plugin%20–%20stored%20XSS Appointment Hour Booking – WordPress Booking Plugin
nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x before 10.0.9 has a stack-based buffer overflow via a long variable string in a Map Objects text file. Date published : 2019-07-11 http://packetstormsecurity.com/files/153612/SNMPc-Enterprise-Edition-9-10-Mapping-Filename-Buffer-Overflow.html https://www.mogozobo.com/?p=3534
Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript code into...
SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. Date published : 2019-07-11 https://seclists.org/bugtraq/2019/Nov/30 https://lists.schedmd.com/pipermail/slurm-announce/2019/000025.html
Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access...