An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an...
Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title (aka imageTitle) or Caption (aka description) field of...
Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value. Date published : 2020-06-21 https://github.com/concrete5/concrete5/pull/8651 https://github.com/concrete5/concrete5/releases/tag/8.5.3
A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter, Date published : 2020-06-21 https://github.com/php-fusion/PHP-Fusion/commit/b3bde37f60e96f1a8ddd1439658307b28be77db5 https://github.com/php-fusion/PHP-Fusion/issues/2327
Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the wp-admin/post.php Client Name, Position, Web Address, Other, Location Reviewed, Product...
In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check. Date published : 2020-06-21 https://github.com/gogs/gogs/commit/82ff0c5852f29daa5f95d965fd50665581e7ea3c https://github.com/gogs/gogs/pull/5988
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a...
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Sotfware Store. Date published : 2020-06-21...
Tendenci 12.0.10 allows unrestricted deserialization in appshelpdeskviewsstaff.py. Date published : 2020-06-21 https://github.com/tendenci/tendenci/issues/867
compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. Date published : 2020-06-20 https://www.openwall.com/lists/oss-security/2020/06/20/1
compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php. Date published : 2020-06-20 https://www.openwall.com/lists/oss-security/2020/06/20/1
An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed. Date published...
An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window. Date published : 2020-06-19 https://mattermost.com/security-updates/