Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods. Date published : 2020-02-12 https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1710 http://www.openwall.com/lists/oss-security/2020/02/12/3
Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration...
A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and...
Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier...
Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted...
Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) index.php and (2) loader.php. Date published : 2020-02-11 http://bugs.ariadne-cms.org/view.php?id=277 http://www.openwall.com/lists/oss-security/2012/03/09/4
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Forum, (2) Event, and (3) Classifieds plugins in SocialEngine before 4.2.4. Date published : 2020-02-11 https://seclists.org/oss-sec/2012/q2/396
Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine before 4.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to music/create, (2) location parameter to events/create, or (3) search...
Zenphoto before 1.4.3.4 admin-news-articles.php date parameter XSS. Date published : 2020-02-11 http://www.openwall.com/lists/oss-security/2012/10/11/10 http://www.openwall.com/lists/oss-security/2013/07/10/19
Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php. Date published : 2020-02-11 https://www.htbridge.com/advisory/HTB23091 https://www.prestashop.com/download/old/changelog_1.4.9.0.txt
Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php. Date published...
SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter. Date published : 2020-02-11 http://seclists.org/fulldisclosure/2012/Mar/4 http://sourceforge.net/tracker/?func=detail&aid=3496086&group_id=123602&atid=697109
A Cross-site Scripting (XSS) vulnerability exists in the All in One SEO Pack plugin before 2.0.3.1 for WordPress via the Search parameter. Date published : 2020-02-11 https://packetstormsecurity.com/files/cve/CVE-2013-5988 https://www.securityfocus.com/archive/1/528962
Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extracts a...