CVE-2020-15562
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns...
An arbitrary file reading vulnerability in MobileIron Core versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to read files on the system via unspecified vectors. Date...
An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to bypass authentication mechanisms via unspecified vectors. Date published...
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting...
In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context...
A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A Samba user could send an empty UDP packet to cause the Samba...
A use-after-free flaw was found in all Samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in an AD DC configuration. A Samba LDAP user could use this flaw to crash Samba....
SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path. Date published : 2020-07-05 https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-1_release_notes.htm
SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command. Date published : 2020-07-05 https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-1_release_notes.htm
SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution. Date published : 2020-07-05 https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-1_release_notes.htm
We-com OpenData CMS 2.0 allows SQL Injection via the username field on the administrator login page. Date published : 2020-07-05 https://cxsecurity.com/issue/WLB-2020060010 https://packetstormsecurity.com/files/157887/We-Com-OpenData-CMS-2.0-SQL-Injection.html
SQL injection can occur in We-com Municipality portal CMS 2.1.x via the cerca/ keywords field. Date published : 2020-07-05 https://cxsecurity.com/issue/WLB-2020060011 https://packetstormsecurity.com/files/157886/We-Com-Municipality-Portal-CMS-2.1.x-Cross-Site-Scripting-SQL-Injection.html
XSS can occur in We-com Municipality portal CMS 2.1.x via the cerca/ search bar. Date published : 2020-07-05 https://cxsecurity.com/issue/WLB-2020060011 https://packetstormsecurity.com/files/157886/We-Com-Municipality-Portal-CMS-2.1.x-Cross-Site-Scripting-SQL-Injection.html
An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box. Date published :...