An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application. Date published : 2020-02-04 https://hackerone.com/reports/427835 https://nextcloud.com/security/advisory/?id=NC-SA-2019-014
Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event. Date published : 2020-02-04 https://hackerone.com/reports/439828 https://nextcloud.com/security/advisory/?id=NC-SA-2020-013
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects. Date published : 2020-02-04 https://github.com/advisories/GHSA-ff7x-qrg7-qggm...
A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver
mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of...
A stack buffer overflow vulnerability exists in the way MiniSNMPD version 1.4 handles multiple connections. A specially timed sequence of SNMP connections can trigger a stack overflow, resulting in a denial of service. To...
An exploitable out of bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out of bounds memory read which can result...
An exploitable out-of-bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out-of-bounds memory read, which can result in the disclosure of...
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM...
Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view sensitive information from referrer logs due to inadequate handling of HTTP referrer headers. Date published : 2020-02-03...
Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass vulnerability which allows physically proximate attackers to gain unauthorized access. Date published : 2020-02-03 https://www.securityfocus.com/bid/59727 http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html
Brother MFC-9970CDW devices with firmware 0D allow cleartext submission of passwords. Date published : 2020-02-03 http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html https://exchange.xforce.ibmcloud.com/vulnerabilities/84094
TP-LINK TL-WR1043ND V1_120405 devices contain an unspecified denial of service vulnerability. Date published : 2020-02-03 https://www.securityfocus.com/bid/59472
TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive information through the parameters "twg_browserx" and "twg_browsery" in the page image.php. Date published : 2020-02-03 https://packetstormsecurity.com/files/121128/TinyWebGallery-1.8.9-Path-Disclosure.html...