CVE-2020-0012
In fpc_ta_pn_get_unencrypted_image of fpc_ta_pn.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is...
Monthly Archive: March 2020
CVE-2020-0011
In get_auth_result of fpc_ta_hw_auth.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is...
CVE-2020-0010
In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is...
CVE-2011-4538
Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings. Date published : 2020-03-09 http://contentdelivery.lexmark.com/webcontent/CVE-2011-4538.pdf
CVE-2011-3269
Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut. Date published : 2020-03-09 http://contentdelivery.lexmark.com/webcontent/Email_shortcut_vulnerability.pdf
CVE-2014-1634
SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO. Date published : 2020-03-09 https://labs.integrity.pt/advisories/cve-2014-1634/
CVE-2015-7968
nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI. Date published : 2020-03-09 https://labs.integrity.pt/advisories/cve-2015-7968/
CVE-2015-7344
HikaShop Joomla Component before 2.6.0 has XSS via an injected payload[/caption]. Date published : 2020-03-09 https://labs.integrity.pt/advisories/cve-2015-7344/
CVE-2015-7343
JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter. Date published : 2020-03-09 https://labs.integrity.pt/advisories/cve-2015-7343/
CVE-2015-7342
JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field. Date published : 2020-03-09 https://labs.integrity.pt/advisories/cve-2015-7342/
CVE-2015-7341
JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension. Date published : 2020-03-09 https://labs.integrity.pt/advisories/cve-2015-7341/
CVE-2015-7340
JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid in a Manage Events action. Date published : 2020-03-09 https://labs.integrity.pt/advisories/cve-2015-7340/
CVE-2015-7339
JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an image file to the /com_jce/editor/libraries/classes/browser.php script. Date published : 2020-03-09 https://labs.integrity.pt/advisories/cve-2015-7339/
CVE-2015-7338
SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php. Date published : 2020-03-09 https://labs.integrity.pt/advisories/cve-2015-7338/