CVE-2019-13146
The field_test gem 0.3.0 for Ruby has unvalidated input. A method call that is expected to return a value from a certain set of inputs can be made to return any input, which can...
The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe) in Razer Surround 1.1.63.0 runs as the SYSTEM user using an executable located in %PROGRAMDATA%\Razer\Synapse\Devices\Razer Surround\Driver. The DACL on this folder allows any user to overwrite contents of files in this...
A stored XSS vulnerability in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows a privileged attacker to embed malicious JavaScript in the SNMP trap receivers form. Upon visiting the /agent/action_recipient Event Action/Recipient...
An authorization bypass vulnerability in pinboard updates in ThoughtSpot 4.4.1 through 5.1.1 (before 5.1.2) allows a low-privilege user with write access to at least one pinboard to corrupt pinboards of another user in the...
TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS. Date published : 2019-07-09 https://typo3.org/security/advisory/typo3-core-sa-2019-015/
TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data. Date published : 2019-07-09 https://typo3.org/security/advisory/typo3-core-sa-2019-020/
HPE has identified a vulnerability in HPE 3PAR Service Processor (SP) version 4.1 through 4.4. HPE 3PAR Service Processor (SP) version 4.1 through 4.4 has a remote information disclosure vulnerability which can allow for...
Sony Bravia Smart TV devices allow remote attackers to cause a denial of service (device hang or reboot) via a SYN flood attack over a wired or Wi-Fi LAN. Date published : 2019-07-09 http://seclists.org/fulldisclosure/2019/Jul/8...
Sony BRAVIA Smart TV devices allow remote attackers to cause a denial of service (device hang) via a crafted web page over HbbTV. Date published : 2019-07-09 http://seclists.org/fulldisclosure/2019/Jul/8 http://packetstormsecurity.com/files/153547/Sony-BRAVIA-Smart-TV-Denial-Of-Service.html
Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7.5. Date published : 2019-07-09 https://contao.org/en/news/security-vulnerability-cve-2019-11512.html
Lack of authentication in file-viewing components in DDRT Dashcom Live 2019-05-09 allows anyone to remotely access all claim details by visiting easily guessable dashboard/uploads/claim_files/claim_id_ URLs. Date published : 2019-07-09 http://ddrt.co.uk/complaint-handling-software/ https://domdomegg.github.io/CVE-2019-11020.pdf
Lack of authentication in case-exporting components in DDRT Dashcom Live through 2019-05-08 allows anyone to remotely access all claim details by visiting easily guessable exportpdf/all_claim_detail.php?claim_id= URLs. Date published : 2019-07-09 http://ddrt.co.uk/complaint-handling-software/ https://domdomegg.github.io/CVE-2019-11019.pdf
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer’s...
Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images. Date published : 2019-07-08 https://www.twistlock.com/labs-blog/vulnerabilities-nexus-repository-left-thousands-artifacts-exposed/