Monthly Archive: February 2020

Zimbra 2013 has XSS in aspell.php Date published : 2020-02-12 http://www.openwall.com/lists/oss-security/2013/04/09/14 http://www.openwall.com/lists/oss-security/2013/04/09/15

Commerce Skrill (Formerly Moneybookers) has an Access bypass vulnerability in all versions prior to 7.x-1.2 Date published : 2020-02-12 http://drupal.org/node/1960338 http://www.openwall.com/lists/oss-security/2013/04/04/6

Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities Date published : 2020-02-12 https://www.exploit-database.net/?id=59355 https://www.securityfocus.com/bid/57514/info

Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run. Date published : 2020-02-12...

Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability Date published : 2020-02-12 http://packetstormsecurity.com/files/126882/Xilisoft-Video-Converter-Ultimate-7.8.1-build-20140505-DLL-Hijacking.html

The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP...

Multiple buffer overflows in the esa_write function in /dev/seirenin the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large...

SQL injection vulnerability in pub/m_pending_news/delete_pending_news.jsp in Enorth Webpublisher CMS allows remote attackers to execute arbitrary SQL commands via the cbNewsId parameter. Date published : 2020-02-12 http://packetstormsecurity.com/files/133082/Enorth-Webpublisher-CMS-SQL-Injection.html http://seclists.org/fulldisclosure/2015/Aug/55

An exploitable information disclosure vulnerability exists in the ‘Secret Chats’ functionality of Rakuten Viber on Android 9.3.0.6. The ‘Secret Chats’ functionality allows a user to delete all traces of a chat either by using...

A remotely exploitable information disclosure vulnerability is present in Aruba Intelligent Edge Switch models 5400, 3810, 2920, 2930, 2530 with GigT port, 2530 10/100 port, or 2540. The vulnerability impacts firmware 16.08.* before 16.08.0009,...

IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks....

IBM Rational Publishing Engine 6.0.6 and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

IBM Cloud CLI 0.6.0 through 0.16.1 windows installers are signed using SHA1 certificate. An attacker might be able to exploit the weak algorithm to generate a installer with malicious software inside. IBM X-Force ID:...

The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2,...