CVE-2020-1732
A flaw was found in Soteria before 1.0.1: multiple requests occurring concurrently can cause security identity corruption across concurrent threads when using EE Security with WildFly Elytron, which can lead to...
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or...
Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory traversal for reading administrative paths. Date published : 2020-05-04 https://github.com/sirdude/gurbalib/pull/38
An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. It allows XXE, with resultant secrets disclosure and SSRF, via JUnit XML launch import. Date published : 2020-05-04 https://github.com/reportportal/reportportal/blob/master/SECURITY_ADVISORIES.md
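The Report Portal entry above is a textbook XXE in an XML upload path: a JUnit report declares an external entity, and the importer's parser expands it, reading local files or fetching internal URLs. The reader below is an added example, not Report Portal's code; it counts test cases in a JUnit XML document with the standard-library expat parser and aborts as soon as the document declares a DOCTYPE or an entity, so neither file disclosure nor SSRF is reachable. The two sample reports are constructed for this example.

```python
# Added example (not Report Portal's code): a JUnit XML import reader built on
# the stdlib expat parser that refuses DTDs and entity declarations, so an
# uploaded report cannot use external entities to read local files (secrets
# disclosure) or to reach internal URLs (SSRF).
import xml.parsers.expat


class UnsafeXmlError(ValueError):
    """Raised when a report tries to declare a DOCTYPE or an entity."""


def count_junit_results(xml_bytes: bytes) -> dict:
    """Return {"tests": n, "failures": n} for a JUnit XML document.

    Any DOCTYPE or ENTITY declaration aborts parsing before the body is read.
    """
    totals = {"tests": 0, "failures": 0}

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXmlError(f"DOCTYPE not allowed in JUnit import: {name}")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXmlError(f"entity declaration not allowed: {name}")

    def on_start(tag, attrs):
        if tag == "testcase":
            totals["tests"] += 1
        elif tag == "failure":
            totals["failures"] += 1

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.StartElementHandler = on_start
    # Exceptions raised inside a handler propagate out of Parse().
    parser.Parse(xml_bytes, True)
    return totals


# Constructed sample inputs (not real Report Portal data).
BENIGN_REPORT = b"""<?xml version="1.0"?>
<testsuite name="login">
  <testcase name="valid_password"/>
  <testcase name="expired_password"><failure message="timeout"/></testcase>
</testsuite>"""

# Classic XXE payload: an external entity pointing at a local secret file.
XXE_REPORT = b"""<?xml version="1.0"?>
<!DOCTYPE testsuite [ <!ENTITY leak SYSTEM "file:///etc/passwd"> ]>
<testsuite name="&leak;"><testcase name="x"/></testsuite>"""


def is_rejected(xml_bytes: bytes) -> bool:
    """True if the hardened reader refuses the document."""
    try:
        count_junit_results(xml_bytes)
    except UnsafeXmlError:
        return True
    return False


if __name__ == "__main__":
    print(count_junit_results(BENIGN_REPORT))  # {'tests': 2, 'failures': 1}
    print(is_rejected(XXE_REPORT))             # True
```

Rejecting the DOCTYPE outright is deliberate: a JUnit report never needs one, and refusing the declaration is simpler and safer than trying to distinguish harmless internal entities from external or parameter entities.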
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path. Date published : 2020-05-04 https://security.gentoo.org/glsa/202007-41 https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube
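The rcube_image.php entry describes a configured helper-binary path (im_convert_path / im_identify_path) being interpolated into a shell command, so metacharacters in the setting become extra commands. The example below is added here and is not Roundcube's code; it shows the interpolation pattern, a validator that refuses any configured path that is not a plain absolute path to an existing executable, and an argv-list construction that never hands the strings to a shell. The command shape and function names are assumptions.

```python
# Added example (not Roundcube's code): how a configured helper-binary path
# becomes a shell command, and how to keep config values out of the shell.
import os
import re
import shlex


def unsafe_command(convert_path: str, src: str, dst: str) -> str:
    """The bug pattern: interpolate a config value into a shell string.
    A value such as '/usr/bin/convert; id' runs 'id' as well as convert."""
    return f"{convert_path} {src} -resize 160x160 {dst}"


# Conservative charset for an absolute path to a helper binary (assumption).
BINARY_PATH_RE = re.compile(r"^/[A-Za-z0-9_./-]+$")


def validate_binary_path(path: str) -> str:
    """Accept only an absolute path with a conservative charset that names an
    existing executable; shell metacharacters, relative paths, '..' segments
    and missing files are rejected with ValueError."""
    if not BINARY_PATH_RE.fullmatch(path) or ".." in path.split("/"):
        raise ValueError(f"unsafe helper path: {path!r}")
    if not (os.path.isfile(path) and os.access(path, os.X_OK)):
        raise ValueError(f"not an executable file: {path!r}")
    return path


def safe_argv(convert_path: str, src: str, dst: str) -> list:
    """Build an argv list for subprocess.run(argv) with shell=False: no shell
    ever sees these strings, so metacharacters in src/dst are inert, and the
    binary path has already been validated."""
    return [validate_binary_path(convert_path), src, "-resize", "160x160", dst]


def quoted_command(convert_path: str, src: str, dst: str) -> str:
    """If a shell string is unavoidable, quote every piece: the hostile path
    becomes a single (non-existent) program name instead of two commands."""
    parts = (convert_path, src, "-resize", "160x160", dst)
    return " ".join(shlex.quote(p) for p in parts)


if __name__ == "__main__":
    hostile = "/usr/bin/convert; id"
    print(unsafe_command(hostile, "in.png", "out.png"))
    print(quoted_command(hostile, "in.png", "out.png"))
    try:
        safe_argv(hostile, "in.png", "out.png")
    except ValueError as exc:
        print("rejected:", exc)
```

The validator is the important layer for a setting like this: even with argv-list execution, an administrator-writable config value that names the binary still decides what gets executed, so restricting it to a real executable path is what turns a code-execution primitive back into a configuration option.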
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php. Date published : 2020-05-04 https://security.gentoo.org/glsa/202007-41 https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12640-PHP%20Local%20File%20Inclusion-Roundcube
phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php. Date published : 2020-05-04 https://github.com/phpList/phplist3/compare/3.5.2...3.5.3 phpList 3.5.3 released: Enable Matomo Analytics for your campaigns
include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name. Date published : 2020-05-04 https://www.exploit-db.com/exploits/48413 https://github.com/osTicket/osTicket/compare/v1.14.1...v1.14.2
TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-web-3.2.6.jar. Date published : 2020-05-04 [CVE-2020-12475] TP-Link Omada Controller Directory Traversal Vulnerability
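Three entries on this page (the Gurbalib help.c traversal, the Roundcube plugin-name LFI, and the Omada Controller getAdvertiseFile traversal) share one root cause: a user-supplied name is joined onto a base directory and trusted. The example below is added here and is not code from any of those projects; it generalizes the fix into two checks, a filesystem containment test for file reads and a strict identifier allowlist for names that become include paths. The directory layout is constructed in a temporary directory for the demonstration.

```python
# Added example (not Gurbalib's, Roundcube's or TP-Link's code): resolving a
# user-supplied name (help topic, plugin name, advertisement file) under a base
# directory and rejecting anything that escapes it.
import os
import re
import tempfile

# Allowlist for identifiers that later become include paths (assumption).
PLUGIN_NAME_RE = re.compile(r"^[A-Za-z0-9_]+$")


def naive_resolve(base: str, name: str) -> str:
    """The bug pattern: join and trust. '../' in name walks out of base."""
    return os.path.join(base, name)


def safe_resolve(base: str, name: str) -> str:
    """Resolve symlinks and '..', then require the result to stay inside base.
    Absolute names are also caught: os.path.join discards base for them, and
    the containment check then fails."""
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, name))
    if os.path.commonpath([base_real, target]) != base_real:
        raise ValueError(f"path traversal rejected: {name!r}")
    return target


def is_valid_plugin_name(name: str) -> bool:
    """Allowlist check for names that are turned into include paths; stricter
    than containment and independent of what exists on disk."""
    return bool(PLUGIN_NAME_RE.fullmatch(name))


def demo() -> dict:
    """Constructed layout: <tmp>/help/ holds topics, a secret sits one level up."""
    root = tempfile.mkdtemp()
    topics = os.path.join(root, "help")
    os.makedirs(topics)
    with open(os.path.join(root, "secret.txt"), "w") as f:
        f.write("admin password")
    with open(os.path.join(topics, "look"), "w") as f:
        f.write("look around")

    results = {
        # naive join happily produces a path to the secret outside base
        "naive_escapes": os.path.exists(naive_resolve(topics, "../secret.txt")),
        # a legitimate topic still resolves under the hardened check
        "safe_ok": safe_resolve(topics, "look").endswith(os.sep + "help" + os.sep + "look"),
    }
    for hostile in ("../secret.txt", "sub/../../secret.txt", "/etc/passwd"):
        try:
            safe_resolve(topics, hostile)
            results["safe_rejects_" + hostile] = False
        except ValueError:
            results["safe_rejects_" + hostile] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
    print(is_valid_plugin_name("managesieve"), is_valid_plugin_name("../../tmp/evil"))
```

The containment test uses realpath on both sides so that symlinks inside the base directory cannot be used to point outside it, and commonpath rather than a string prefix comparison so that a sibling directory such as help2/ is not mistaken for help/.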
A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of...
Certain TP-Link devices allow Command Injection. This affects NC260 1.5.2 build 200304 and NC450 1.5.3 build 200304. Date published : 2020-05-04 http://packetstormsecurity.com/files/157533/TP-LINK-Cloud-Cameras-NCXXX-SetEncryptKey-Command-Injection.html https://seclists.org/fulldisclosure/2020/May/4
Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304,...
Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450...
Information disclosure vulnerability in Micro Focus Verastream Host Integrator (VHI) product, affecting versions earlier than 7.8 Update 1 (7.8.49 or 7.8.0.49). The vulnerability allows unauthenticated attackers to view information they may not have...