Telean before 1.3.1 contains a full path disclosure vulnerability which could allow remote attackers to obtain sensitive information through a specially crafted URL request. Date published : 2020-02-03 https://www.isecauditors.com/advisories-2013#2013-009 https://exchange.xforce.ibmcloud.com/vulnerabilities/84685
Cross-site Scripting (XSS) in Telaen before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the "f_email" parameter in index.php. Date published : 2020-02-03 http://www.securityfocus.com/bid/60288 https://www.isecauditors.com/advisories-2013#2013-009
Cross-site Scripting (XSS) in UebiMiau 2.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the "selected_theme" parameter in error.php. Date published : 2020-02-03 https://packetstormsecurity.com/files/123557/Uebimiau-2.7.11-Cross-Site-Scripting-Open-Redirection.html https://exchange.xforce.ibmcloud.com/vulnerabilities/87807
Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL. Date published : 2020-02-03 http://www.securityfocus.com/bid/60290 https://www.isecauditors.com/advisories-2013#2013-009
The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request. Date published : 2020-02-03 http://typo3.org/extensions/repository/view/dce...
A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information. Date published : 2020-02-03 https://lists.apple.com/archives/security-announce/2016/Oct/msg00002.html http://seclists.org/fulldisclosure/2016/Oct/89
The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the vendor information element data length is larger than 164 bytes, a heap buffer overflow is triggered in wlc_wpa_plumb_gtk. In the...
The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor information element with a data length larger than 32 bytes, a heap buffer overflow is triggered in wlc_wpa_sup_eapol....
IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order...
Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder. Date published : 2020-02-03 https://auth0.com/docs/security/bulletins/cve-2019-20174 https://github.com/auth0/lock/releases/tag/v11.21.0
An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficient access control on local registry keys for the Core Server Service, a non-administrative user on the local machine is able to access...
Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an out of bound read results in race condition causing Kernel memory leaks or denial of service. Date published : 2020-02-03 https://support.bromium.com/s/article/Bromium-Secure-Platform-4-1-Update-7-Released https://airbus-cyber-security.com/dive-into-a-kernel-bromium-race-condition-cve-2019-18567
In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, key material inadvertently logged under certain conditions. Fixed included in 3.4.109, 4.0.027.13, 4.0.125 and 5.0.013.0. Date published : 2020-02-03 https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=52 https://www.unisys.com/offerings/security-solutions/unisys-stealth-products-and-services
The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the device via a reboot.cgi request. Date published : 2020-02-03 https://exploit-db.com/exploits/47958