danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled. Date published : 2020-02-22 https://www.debian.org/security/2020/dsa-4637 https://bugzilla.redhat.com/show_bug.cgi?id=1803499
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL allows an unauthenticated attacker to overwrite files via vectors involving...
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences...
An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter. Date...
An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error...
Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph template that is accessed directly. Date published : 2020-02-22 http://support.sas.com/kb/65/358.html
The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Protection For Salesforce, Email and Server...
CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI. Date published : 2020-02-22 https://github.com/J3rryBl4nks/CandidATS/blob/master/AddAdminUserCSRF.md
fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandidat.php id parameter. Date published : 2020-02-22 https://github.com/J3rryBl4nks/eLection-TriPath-/blob/master/SQLiIntoRCE.md
SOPlanning 1.45 allows XSS via the Name or Comment to status.php. Date published : 2020-02-22 https://github.com/0xEmma/CVEs/blob/master/CVEs/2020-02-14-SoPlanning-Status-XSS.md
SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field. Date published : 2020-02-22 https://github.com/0xEmma/CVEs/blob/master/CVEs/2020-02-14-SoPlanning-Admin-XSS.md
fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Settings -> Election -> "message if election is closed" field. Date published : 2020-02-22 https://github.com/0xEmma/CVEs/blob/master/CVEs/eLection-2.0-XSS.md
Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data...
The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation. Date published : 2020-02-21 http://vladz.devzero.fr/012_x11-common-vuln.html https://access.redhat.com/security/cve/cve-2012-1093