The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe...
In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in codersheic.c. It can be triggered via an image with a width or height value that exceeds the actual size of the...
BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the PKG parameter to uninstall.php3. Date published : 2020-03-09 https://sku11army.blogspot.com/2020/03/bwa-multiple-vulnerabilities-in-direx.html
BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid name array parameter to val_soft.php3. Date published : 2020-03-09 https://sku11army.blogspot.com/2020/03/bwa-multiple-vulnerabilities-in-direx.html
BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to val_users.php3. Date published : 2020-03-09 https://sku11army.blogspot.com/2020/03/bwa-multiple-vulnerabilities-in-direx.html
MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sighting_field.ctp. Date published : 2020-03-09 https://github.com/MISP/MISP/releases/tag/v2.4.123 https://github.com/MISP/MISP/commit/e24a9eb44c1306adb02c1508e8f266ac6b95b4ed
MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is related to app/View/Users/statistics_orgs.ctp. Date published : 2020-03-09 https://github.com/MISP/MISP/releases/tag/v2.4.123 https://github.com/MISP/MISP/commit/43a0757fb33769d9ad4ca09e8f2ac572f9f6a491
JPaseto before 0.3.0 generates weak hashes when using v2.local tokens. Date published : 2020-03-09 https://github.com/paseto-toolkit/jpaseto/releases/tag/jpaseto-0.3.0
An issue was discovered in Froxlor through 0.10.15. The installer wrote configuration parameters including passwords into files in /tmp, setting proper permissions only after writing the sensitive data. A local attacker could have disclosed...
An issue was discovered in Froxlor before 0.10.14. It created files with static names in /tmp during installation if the installation directory was not writable. This allowed local attackers to cause DoS or disclose...
An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of...
An issue was discovered in Munkireport before 5.3.0.3923. An unauthenticated actor can send a custom XSS payload through the /report/broken_client endpoint. The payload will be executed by any authenticated users browsing the application. This...
An issue was discovered in MunkiReport before 5.3.0. An authenticated actor can send a custom XSS payload through the /module/comment/save endpoint. The payload will be executed by any authenticated users browsing the application. This...
An issue was discovered in MunkiReport before 5.3.0. An authenticated user could achieve SQL Injection in app/models/tablequery.php by crafting a special payload on the /datatables/data endpoint. Date published : 2020-03-09 https://github.com/munkireport/munkireport-php/releases https://github.com/munkireport/munkireport-php/wiki/20200309-Authenticated-SQL-injection