im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization. Date published : 2020-02-04 https://github.com/Turistforeningen/node-im-resize/commit/de624dacf6a50e39fe3472af1414d44937ce1f03 https://snyk.io/vuln/SNYK-JS-IMRESIZE-544183
network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the "execSync()" argument. Date published : 2020-02-04 https://snyk.io/vuln/SNYK-JS-NETWORKMANAGER-544035
phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php" does not verify the source of an HTTP request. This can be...
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors). Date published...
An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections,...
An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy. Date published : 2020-02-04...
An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters. Date published :...
Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona. Date published...
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks. Date published : 2020-02-04 https://hackerone.com/reports/496293
A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application. Date published : 2020-02-04 https://hackerone.com/reports/768574
A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received. Date published : 2020-02-04 https://hackerone.com/reports/447494 https://nextcloud.com/security/advisory/?id=NC-SA-2019-002
A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer. Date published : 2020-02-04 https://hackerone.com/reports/452854 https://nextcloud.com/security/advisory/?id=NC-SA-2019-003
A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation. Date published : 2020-02-04 https://hackerone.com/reports/605915 https://nextcloud.com/security/advisory/?id=NC-SA-2019-004
Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app. Date published : 2020-02-04 https://hackerone.com/reports/719426 https://nextcloud.com/security/advisory/?id=NC-SA-2019-012