The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued. Date published : 2020-03-27 http://avveng.com/cve.html https://plugins.trac.wordpress.org/log/custom-searchable-data-entry-system/
In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. Date published : 2020-03-27...
Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data. Date published : 2020-03-27 https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71...
Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack. Date published : 2020-03-27 https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71 https://www.twcert.org.tw/tw/cp-132-3449-c87d8-1.html
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information. Date published : 2020-03-27 https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71 https://www.twcert.org.tw/tw/cp-132-3448-76a35-1.html
An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination...
Python-apt doesn’t check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn’t be allowed and...
python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages...
An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL...
The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter. Date published : 2020-03-26 https://github.com/plegall/Piwigo-community/issues/49 https://piwigo.org/ext/extension_view.php?eid=303
Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function. Date published : 2020-03-26 https://github.com/Piwigo/Piwigo/issues/1168 http://packetstormsecurity.com/files/159191/Piwigo-2.10.1-Cross-Site-Scripting.html
Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169(C00E166R4P1) have an improper authentication vulnerability. The Application doesn’t perform proper authentication when user performs certain operations. An attacker can trick user into installing a malicious plug-in...
Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203(C00E201R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may tamper with the information to...
An improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0, allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject custom html/javascript (XSS). Mitigation: update...