CVE-2020-8611
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit...
The Ninja Forms plugin 3.4.22 for WordPress has multiple stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format]. Date published : 2020-02-14 Ninja Forms – The Contact Form Builder That Grows With You https://spider-security.co.uk/blog-cve-cve-2020-8594
An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code. Date published : 2020-02-14 https://hackerone.com/reports/660563
Unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code. Date published : 2020-02-14 https://hackerone.com/reports/660565
Improper access control vulnerability in Configuration Tool in McAfee Endpoint Security (ENS) prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from...
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG pngread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution....
ilbo App (ilbo App for Android prior to version 1.1.8 and ilbo App for iOS prior to version 1.2.01) allows an attacker on the same network segment to bypass authentication and to view the...
Zend_XmlRpc Class in Magento before 1.7.0.2 contains an information disclosure vulnerability. Date published : 2020-02-13 http://www.securityfocus.com/bid/57140 http://www.openwall.com/lists/oss-security/2013/01/03/10
Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords. Date published : 2020-02-13 http://www.openwall.com/lists/oss-security/2012/12/04/6
XSS in Telligent Community 5.6.583.20496 via a flash file and related to the allowScriptAccess parameter. Date published : 2020-02-13 https://web.archive.org/web/20160317182930/http://www.cloudscan.me/2013/03/cve-2012-1903-stored-xss-javascript.html
Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code. Date published : 2020-02-13 https://www.exploit-db.com/exploits/21052 https://web.archive.org/web/20121014055829/http://www.cloudscan.me/2012/09/cve-2012-1500-ghs-5375-ghs-5642.html
MobileIron VSP < 5.9.1 and Sentry < 5.0 have an insecure encryption scheme. Date published : 2020-02-13 http://seclists.org/fulldisclosure/2014/Apr/21 https://www.securityfocus.com/archive/1/531713
Belkin n750 routers have a buffer overflow. Date published : 2020-02-13 https://pixels.camp/marcovazpt
OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection. Date published : 2020-02-13 http://www.infradead.org/openconnect/changelog.html