Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. These credentials can be retrieved via cgi-bin/getuserinfo.cgi?mode=info. Date published : 2019-07-07 https://xor.cat/2019/06/19/fortinet-forticam-vulns/
Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator’s SSL conversation. Date published : 2019-07-07 https://xor.cat/2019/06/19/fortinet-forticam-vulns/
Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrl_save_profile.cgi (save parameter) and cgi-bin/ddns.cgi. Date published : 2019-07-07...
In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels. Date published : 2019-07-07 https://github.com/ImageMagick/ImageMagick/commit/7c2c5ba5b8e3a0b2b82f56c71dfab74ed4006df7 https://github.com/ImageMagick/ImageMagick/issues/1588
In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c. Date published : 2019-07-07 http://www.securityfocus.com/bid/109090 https://www.debian.org/security/2020/dsa-4722
On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device’s web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the...
Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings. Date published : 2019-07-07 https://discuss.flarum.org/d/20606-flarum-0-1-0-beta-9-released https://github.com/flarum/core/security/advisories/GHSA-3wjh-93gr-chh6
A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication. Date published : 2019-07-06 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10117 https://github.com/unh3x/unh3x.github.io/blob/master/_posts/2019-02-21-D-link-%28CWM-100%29-Multiple-Vulnerabilities.md
A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter. Date...
An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL. Date...
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie’s username field allows eval injection, and an empty password bypasses authentication....
index.php/admin/permissions in Ignited CMS through 2017-02-19 allows CSRF to add an administrator. Date published : 2019-07-06 https://github.com/ignitedcms/ignitedcms/issues/7
Codedoc v3.2 has a stack-based buffer overflow in add_variable in codedoc.c, related to codedoc_strlcpy. Date published : 2019-07-06 https://github.com/michaelrsweet/codedoc/issues/5
An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection (and an arbitrary log filename) can be achieved via the PATH_INFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/...