A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating...
Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files. Date published : 2020-02-20 https://www.us-cert.gov/ics/advisories/icsa-20-049-01
uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows...
openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running...
Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. Date published : 2020-02-20 https://helpx.adobe.com/security/products/after_effects/apsb20-09.html
Adobe Media Encoder versions 14.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . Date published : 2020-02-20 https://helpx.adobe.com/security/products/media-encoder/apsb20-10.html https://www.zerodayinitiative.com/advisories/ZDI-20-331/
The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE pages. Date published : 2020-02-19 http://marc.info/?l=oss-security&m=130923704824984&w=2 https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-2498.html
Nokogiri before 1.5.4 is vulnerable to XXE attacks Date published : 2020-02-19 https://github.com/sparklemotion/nokogiri/issues/693 https://nokogiri.org/CHANGELOG.html#154-2012-06-12
D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password. Date published : 2020-02-19 ftp://ftp2.dlink.com/PRODUCTS/DSR-250N/REVA/DSR-SERIES_RELEASE_NOTES_v3.14.pdf http://www.exploit-db.com/exploits/22930/
Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in Axous 1.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator account via an...
A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the setting[admin_email] parameter to admin/setting. Date published : 2020-02-19 https://packetstormsecurity.com/files/111185/Wolf-CMS-0.75-Persistent-Cross-Site-Scripting.html
OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions. Date published...
Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2020-02-19 http://www.openwall.com/lists/oss-security/2013/04/28/3 http://www.openwall.com/lists/oss-security/2013/04/29/11
Open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. Date published : 2020-02-19...