The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. Date published : 2020-02-11 http://git.qemu.org/?p=qemu.git;a=commitdiff;h=36cf2a37132c7f01fa9adb5f95f5312b27742fd4 http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html
The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the...
Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vulnerability Date published : 2020-02-11 http://www.securityfocus.com/bid/64023 https://exchange.xforce.ibmcloud.com/vulnerabilities/89352
NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload Date published : 2020-02-11 https://exchange.xforce.ibmcloud.com/vulnerabilities/85011 https://exchange.xforce.ibmcloud.com/vulnerabilities/85012
The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function’s linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by...
The %{password(…)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack. Date published : 2020-02-11...
YaBB through 2.5.2: ‘guestlanguage’ Cookie Parameter Local File Include Vulnerability Date published : 2020-02-11 http://www.openwall.com/lists/oss-security/2013/05/05/1 http://www.securityfocus.com/bid/59643
The Bug Genie before 3.2.6 has Multiple XSS and HTML Injection Vulnerabilities Date published : 2020-02-11 http://www.securityfocus.com/bid/64004 https://exchange.xforce.ibmcloud.com/vulnerabilities/89358
Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability Date published : 2020-02-11 https://exchange.xforce.ibmcloud.com/vulnerabilities/82563 https://www.securityfocus.com/bid/58303/info
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0...
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and...
A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code. Date published : 2020-02-11 http://www.exploit-db.com/exploits/24549 https://exchange.xforce.ibmcloud.com/vulnerabilities/82378
A Command Execution Vulnerability exists in IBM Sterling External Authentication Server 2.2.0, 2.3.01, 2.4.0, and 2.4.1 via an unspecified OS command, which could let a local malicious user execute arbitrary code. Date published :...
confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter. Date published : 2020-02-11 http://karmainsecurity.com/KIS-2015-06 http://seclists.org/fulldisclosure/2015/Nov/11