Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs parameter to the /LoginAdmin URI. Date published : 2019-09-22 http://packetstormsecurity.com/files/155578/Integard-Pro-NoJs-2.2.0.9026-Remote-Buffer-Overflow.html https://github.com/purpl3-f0x/exploit-dev/blob/master/nojs_integard.py
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used. Date published : 2019-09-22 https://github.com/phpipam/phpipam/issues/2738
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used. Date published : 2019-09-22 https://github.com/phpipam/phpipam/issues/2738
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used. Date published : 2019-09-22 https://github.com/phpipam/phpipam/issues/2738
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used. Date published : 2019-09-22 https://github.com/phpipam/phpipam/issues/2738
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used. Date published : 2019-09-22 http://packetstormsecurity.com/files/154651/phpIPAM-1.4-SQL-Injection.html https://github.com/phpipam/phpipam/issues/2738
The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to the opening of arbitrary URLs, which can inject deceptive content into the UI. (When in physical possession of the device, opening local files is...
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction. Date published : 2019-09-21...
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion. Date published : 2019-09-21 http://packetstormsecurity.com/files/154578/Gila-CMS-Local-File-Inclusion.html https://github.com/GilaCMS/gila/issues/33
admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route. Date published : 2019-09-21 https://github.com/yzmcms/yzmcms/issues/27
An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF. Date published : 2019-09-21 https://github.com/idreamsoft/iCMS/issues/76
The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts....
An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element. Date published...
An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter. Date published : 2019-09-21 https://github.com/thinksaas/ThinkSAAS/issues/20