In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter. Date published : 2019-09-30 https://github.com/XiaOkuoAi/XiaOkuoAi.github.io/issues/1
In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d. Date published : 2019-09-30 https://security.netapp.com/advisory/ntap-20191031-0005/...
In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a. Date published : 2019-09-30 https://security.netapp.com/advisory/ntap-20191031-0005/ https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07f12b26e21ab359261bf75cfcb424fdc7daeb6d
In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve...
A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data. Date published : 2019-09-30 https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf Visualizer: Tables and Charts Manager for WordPress
Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. Usage of the `package` key to rename dependencies in `Cargo.toml` is ignored in Rust 1.25.0...
eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection. Date published : 2019-09-30 https://packetstormsecurity.com/files/154624/eBrigade-SQL-Injection.html https://sourceforge.net/projects/ebrigade/files/
eBrigade before 5.0 has evenements.php cid SQL Injection. Date published : 2019-09-30 https://packetstormsecurity.com/files/154624/eBrigade-SQL-Injection.html https://sourceforge.net/projects/ebrigade/files/
eBrigade before 5.0 has evenement_ical.php evenement SQL Injection. Date published : 2019-09-30 http://packetstormsecurity.com/files/154624/eBrigade-SQL-Injection.html https://sourceforge.net/projects/ebrigade/files/
An issue was discovered in the image-manager in Xoops 2.5.10. When any image with a JavaScript payload as its name is hovered over in the list or in the Edit page, the payload executes....
An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes. Date published : 2019-09-30 https://blog.nirajkhatiwada.com.np/cve-2019-16683-stored-cross-site-scripting/ https://github.com/XOOPS/XoopsCore25/commits/master
Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call. Date published : 2019-09-30 http://blog.plataformatec.com.br/2019/09/incorrect-access-control-in-simple-form-cve-2019-16676/ https://github.com/plataformatec/simple_form/commits/master
A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the login page to send back a victim’s cleartext credentials to an attacker via a login/?reason=failure&NTLM= URI. Date...
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. Date published : 2019-09-30 https://github.com/golang/go/issues/34540 https://security.netapp.com/advisory/ntap-20191122-0004/