CVE-2019-10178
It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an...
A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could...
Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82. Date published...
LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Those documents could then be...
BeyondTrust Privilege Management for Windows and Mac (aka PMWM; formerly Avecto Defendpoint) 5.1 through 5.5 before 5.5 SR1 mishandles command-line arguments with PowerShell .ps1 file extensions present, leading to a DefendpointService.exe crash. Date published...
Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Download. Date published : 2020-03-18 https://www.aquaforest.com/en/release_history.asp https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/
Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC. Date published : 2020-03-18 https://www.aquaforest.com/en/release_history.asp https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/
Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory Enumeration via tiffserver/tssp.aspx. Date published : 2020-03-18 https://www.aquaforest.com/en/release_history.asp https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/
Cross site scripting vulnerability in McAfee Network Security Management (NSM) prior to 9.1 update 6 Mar 2020 Update allows attackers to cause unspecified impact via unspecified vectors. Date published : 2020-03-18 https://kc.mcafee.com/corporate/index?page=content&id=SB10310
Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. Multiple stack-based buffer overflows can be exploited when a valid user opens a specially crafted, malicious input file. Date published : 2020-03-18 https://www.us-cert.gov/ics/advisories/icsa-20-077-01
Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. An out-of-bounds read overflow can be exploited when a valid user opens a specially crafted, malicious input file due to the lack of validation. Date published...
IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 174910. Date...
LisoMail, by ArmorX, allows SQL injection: attackers can access the database without authentication via URL parameter manipulation. Date published : 2020-03-18 https://gist.github.com/tonykuo76/50350af9b77eb51f5ab55964a35f47f2 https://www.chtsecurity.com/news/2fd99e6e-819f-42b4-a7fe-6bc7eeae155c