Monthly Archive: January 2020

Verax NMS prior to 2.1.0 leaks connection details when any user executes a Repair Table action Date published : 2020-01-30 http://www.securityfocus.com/bid/58334 Verax NMS (2/3) – CVE-2013-1352 + CVE-2013-1631

Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive. Date published : 2020-01-30 http://www.securityfocus.com/bid/58334 https://exchange.xforce.ibmcloud.com/vulnerabilities/82706

Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password. Date published : 2020-01-30 http://www.securityfocus.com/bid/58334 Verax NMS (1/3) – CVE-2013-1351

Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities Date published : 2020-01-30 http://www.securityfocus.com/bid/58334 https://exchange.xforce.ibmcloud.com/vulnerabilities/82705

Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php script. Date published : 2020-01-30 http://www.securityfocus.com/bid/58735 https://exchange.xforce.ibmcloud.com/vulnerabilities/83105

Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blog.php and announcements.php. Date published : 2020-01-30 http://www.securityfocus.com/bid/58735 https://exchange.xforce.ibmcloud.com/vulnerabilities/83104

ERDAS ER Viewer 13.0 has dwmapi.dll and irml.dll libraries arbitrary code execution vulnerabilities Date published : 2020-01-30 http://www.securityfocus.com/bid/63862 https://exchange.xforce.ibmcloud.com/vulnerabilities/89185

NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disclosure Vulnerability Date published : 2020-01-30 http://www.openwall.com/lists/oss-security/2013/02/15/3 http://www.securityfocus.com/bid/57957

Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to execute arbitrary SQL commands via the (1) find, (2) lib, or (3)...

Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/tag_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to inject arbitrary web script or HTML via the (1) find, (2)...

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing. Date published : 2020-01-30 https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d https://nodesecurity.io/advisories/93

The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate...

Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when...

Pandora FMS ≤ 7.42 suffers from a remote code execution vulnerability. To exploit the vulnerability, an authenticated user should create a new folder with a "tricky" name in the filemanager. The exploit works when...