CVE-2020-1931
A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and...
A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched, exploits...
Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in main/auth/profile.php. Date published : 2020-01-29 http://www.openwall.com/lists/oss-security/2012/11/02/10 https://cxsecurity.com/issue/WLB-2012110007
Contao prior to 2.11.4 has a SQL injection vulnerability. Date published : 2020-01-29 http://www.openwall.com/lists/oss-security/2012/08/31/14
NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter. Date published : 2020-01-29 https://www.securityfocus.com/archive/1/526552 https://exchange.xforce.ibmcloud.com/vulnerabilities/84062
Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the ‘full-name’ and ‘comment’ fields. Date published : 2020-01-29 http://www.securityfocus.com/bid/59688 https://exchange.xforce.ibmcloud.com/vulnerabilities/84060
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key. Date published : 2020-01-29 http://www.exploit-db.com/exploits/24916/
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg". Date published : 2020-01-29 http://www.exploit-db.com/exploits/24916/
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function. Date published : 2020-01-29 http://www.securityfocus.com/bid/61559 https://exchange.xforce.ibmcloud.com/vulnerabilities/86163
An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a malicious user obtain sensitive information. Date published : 2020-01-29 http://www.coresecurity.com/advisories/foscam-ip-cameras-improper-access-restrictions...
A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, and 4171G 1.6.18P12s, which could let a malicious user execute arbitrary code....
A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could let a malicious user...
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remote malicious user execute arbitrary code. Date...
A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6.3 because the RTSP protocol authentication is disabled by default, which could let a malicious user obtain unauthorized access to the live video stream....