Monthly Archive: July 2019

The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection via inc/rencontre_widget.php. Date published : 2019-07-08 https://plugins.trac.wordpress.org/changeset/2119248 Rencontre – Dating Site

The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 0.0.6. Date published : 2019-07-08 https://benjamin-bouchet.com/blog/vulnerabilite-dans-la-gem-strong_password-0-0-7/ https://github.com/bdmac/strong_password/releases

A cross-site scripting (XSS) vulnerability in noMenu() and noSubMenu() in core/navigation/MENU.php in WIKINDX prior to version 5.8.1 allows remote attackers to inject arbitrary web script or HTML via the method parameter. Date published :...

MailEnable Enterprise Premium 10.23 was vulnerable to stored and reflected cross-site scripting (XSS) attacks. Because the session cookie did not use the HttpOnly flag, it was possible to hijack the session cookie by exploiting...

MailEnable Enterprise Premium 10.23 did not use appropriate access control checks in a number of areas. As a result, it was possible to perform a number of actions, when logged in as a user,...

MailEnable Enterprise Premium 10.23 was vulnerable to multiple directory traversal issues, with which authenticated users could add, remove, or potentially read files in arbitrary folders accessible by the IIS user. This could lead to...

MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for an attacker to use a vulnerability in the configuration...

In MailEnable Enterprise Premium 10.23, the potential cross-site request forgery (CSRF) protection mechanism was not implemented correctly and it was possible to bypass it by removing the anti-CSRF token parameter from the request. This...

hide.me before 2.4.4 on macOS suffers from a privilege escalation vulnerability in the connectWithExecutablePath:configFilePath:configFileName method of the me_hide_vpnhelper.Helper class in the me.hide.vpnhelper macOS privilege helper tool. This method takes user-supplied input and can be...

Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. These are not securely freed in the running process....

Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface. Date published : 2019-07-08 http://www.securityfocus.com/bid/109001...

** DISPUTED ** The MSI installer for Python through 2.7.16 on Windows defaults to the C:Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x...

/usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v1.2.0.0 devices implement an incomplete factory-reset process. A backdoor can persist because neither system accounts nor the set of services is reset. Date published : 2019-07-07 https://xor.cat/2019/06/19/fortinet-forticam-vulns/

Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi-bin/. Date published : 2019-07-07 https://xor.cat/2019/06/19/fortinet-forticam-vulns/