Monthly Archive: June 2020

** DISPUTED ** Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting...

Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi,...

** DISPUTED ** An issue was discovered in DD-WRT through 16214. The Diagnostic page allows remote attackers to execute arbitrary commands via shell metacharacters in the host field of the ping command. Exploitation through...

An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that...

Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a Change Name or Change Surname operation. Date published : 2020-06-09 https://gist.github.com/kdrypr/5dac91c2d27c4dc82b1225dffa38f7a8

The SportsPress plugin before 2.7.2 for WordPress allows XSS. Date published : 2020-06-09 https://wpvulndb.com/vulnerabilities/10257

Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach. Date published : 2020-06-09 http://seclists.org/fulldisclosure/2020/Jun/14 http://packetstormsecurity.com/files/158000/RoyalTS-SSH-Tunnel-Authentication-Bypass.html

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. Date published : 2020-06-09 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1348

An information disclosure vulnerability exists in Visual Studio Code Live Share Extension when it exposes tokens in plain text, aka ‘Visual Studio Code Live Share Information Disclosure Vulnerability’. Date published : 2020-06-09 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1343

A spoofing vulnerability exists when the NuGetGallery does not properly sanitize input on package metadata values, aka ‘NuGetGallery Spoofing Vulnerability’. Date published : 2020-06-09 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1340

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304,...

A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to an affected SCOM instance, aka ‘System Center Operations Manager Spoofing Vulnerability’. Date published :...

A spoofing vulnerability exists when Microsoft Bing Search for Android improperly handles specific HTML content, aka ‘Microsoft Bing Search Spoofing Vulnerability’. Date published : 2020-06-09 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1329

A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka ‘Azure DevOps Server HTML Injection Vulnerability’. Date published : 2020-06-09 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1327