In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r357214, and 11.3-RELEASE before 11.3-RELEASE-p6, URL handling in libfetch with URLs containing username and/or password components is vulnerable to a heap...
An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack. Date published :...
In TopManage OLK 2020, login CSRF can be chained with another vulnerability in order to takeover admin and user accounts. Date published : 2020-02-18 https://www.exploit-db.com/exploits/47960 https://websec.nl/news.php
Cross-site request forgery (CSRF) vulnerability in Easy Property Listings versions prior to 3.4 allows remote attackers to hijack the authentication of administrators via unspecified vectors. Date published : 2020-02-18 https://jvn.jp/en/jp/JVN89259622/index.html Easy Property Listings
Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavior complies with existing W3C standards and existing...
A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code. Date published : 2020-02-17 http://support.zabbix.com/browse/ZBX-6652
A Denial of Service (infinite loop) exists in OpenSIPS before 1.10 in lookup.c. Date published : 2020-02-17 http://github.com/OpenSIPS/opensips/commit/54e027adfa486cfcf993828512b2e273aeb163c2
SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. Date...
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome. Date published : 2020-02-17 http://www.securityfocus.com/bid/70372 http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html
LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters. Date published : 2020-02-17 http://www.securityfocus.com/bid/68844 http://ocert.org/advisories/ocert-2014-005.html
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of...
Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation. Date published : 2020-02-17 http://www.securityfocus.com/bid/80035 http://www.openwall.com/lists/oss-security/2016/01/07/10
Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an...
The Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly escape certain characters in a Python exception-message template, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks...