SB19-084: Vulnerability Summary for the Week of March 18, 2019

apache — hadoop
  In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS blocking users or granting access to users incorrectly, if the system uses non-default groups mapping mechanisms. 2019-03-21 not yet calculated CVE-2018-11767
MLIST
MLIST
MLIST apache — heron
  When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. Example woule be modifying the parameter path= to go to the directory you would like to view. i.e. ..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd. 2019-03-21 not yet calculated CVE-2018-11789
BID
MLIST apache — karaf
  Apache Karaf kar deployer reads .kar archives and extracts the paths from the “repository/” and “resources/” entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it doesn’t do any validation on the paths in the zip file. This means that a malicious user could craft a .kar file with “..” directory names and break out of the directories to write arbitrary content to the filesystem. This is the “Zip-slip” vulnerability – https://snyk.io/research/zip-slip-vulnerability. This vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf releases prior 4.2.3 is impacted. 2019-03-21 not yet calculated CVE-2019-0191
BID
MLIST audiocodes — ip_phone_420hd_devices
  AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution. 2019-03-21 not yet calculated CVE-2018-10093
MISC
MISC
MISC audiocodes — ip_phone_420hd_devices
  AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow XSS. 2019-03-21 not yet calculated CVE-2018-10091
MISC
MISC barracuda — vpn_client The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root. 2019-03-21 not yet calculated CVE-2019-6724
CONFIRM
MISC
CONFIRM bash — bash
  rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. 2019-03-22 not yet calculated CVE-2019-9924
MISC
MISC blackberry — athoc
  An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering maliciously crafted XML in an existing field. 2019-03-21 not yet calculated CVE-2019-8997
MISC blogengine.net — blogengine.net
  An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is especially dangerous if an authenticated user uploads a PostView.ascx file using the file manager utility, which is currently allowed. This results in remote code execution for an authenticated user. 2019-03-21 not yet calculated CVE-2019-6714
MISC
MISC
MISC
EXPLOIT-DB bmc — remedy_mid-tier
  BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/Default+Admin+View/. 2019-03-21 not yet calculated CVE-2018-18862
MISC
MISC
CONFIRM chinamobile — plc_wireless_router ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password. 2019-03-21 not yet calculated CVE-2019-6282
MISC
MISC
EXPLOIT-DB
MISC chinamobile — plc_wireless_router
  ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Access Control vulnerability via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password. 2019-03-21 not yet calculated CVE-2019-6279
MISC
MISC
EXPLOIT-DB
MISC cisco — ip_phone_7800_series_and_ip_phone_8800_series
  A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition, or to execute arbitrary code with the privileges of the app user. Cisco fixed this vulnerability in the following SIP Software releases: 10.3(1)SR5 and later for Cisco Unified IP Conference Phone 8831; 11.0(4)SR3 and later for Cisco Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 and later for the rest of the Cisco IP Phone 7800 Series and 8800 Series. 2019-03-22 not yet calculated CVE-2019-1716
CISCO cisco — ip_phone_8800_series A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affected system. A successful exploit could allow the attacker to write a file that consumes most of the available disk space on the system, causing application functions to operate abnormally and leading to a DoS condition. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 12.5(1)SR1. 2019-03-22 not yet calculated CVE-2019-1766
CISCO cisco — ip_phone_8800_series A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level permissions. An attacker could exploit this vulnerability by uploading invalid files to an affected device. A successful exploit could allow the attacker to write files in arbitrary locations on the filesystem. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. 2019-03-22 not yet calculated CVE-2019-1765
CISCO cisco — ip_phone_8800_series
  A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to critical services and cause a DoS condition. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. Cisco IP Conference Phone 8831 is not affected. 2019-03-22 not yet calculated CVE-2019-1763
CISCO cisco — ip_phone_8800_series
  A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. Cisco IP Conference Phone 8831 is not affected. 2019-03-22 not yet calculated CVE-2019-1764
CISCO ckeditor — ckeditor
  plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements. 2019-03-21 not yet calculated CVE-2019-9870
MISC
MISC controlbyweb — x-320m-i_web-enabled instrumentation-grade_data_acquisition_module A stored cross-site scripting (XSS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can inject arbitrary script via setup.html in the web interface. 2019-03-21 not yet calculated CVE-2018-18882
BID
MISC controlbyweb — x-320m-i_web-enabled instrumentation-grade_data_acquisition_module
  A Denial of Service (DOS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP based communications to the device. A physical factory reset is required to restore the device to an operational state. 2019-03-21 not yet calculated CVE-2018-18881
BID
MISC core_ftp — core_ftp An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique (..\..\) to browse outside the root directory to determine the existence of a file on the operating system, and its last modified date. 2019-03-22 not yet calculated CVE-2019-9649
CONFIRM
BID
FULLDISC
EXPLOIT-DB core_ftp — core_ftp
  An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information. 2019-03-22 not yet calculated CVE-2019-9648
CONFIRM
BID
FULLDISC
EXPLOIT-DB coturn — coturn
  An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuration, which can lead to additional attacks. An attacker who can get access to the telnet port can gain administrator access to the TURN server. 2019-03-21 not yet calculated CVE-2018-4059
MISC coturn — coturn
  An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability. 2019-03-21 not yet calculated CVE-2018-4058
MISC cujo — smart_firewall
  An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a memory space is freed twice if an invalid query name is encountered, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability. 2019-03-21 not yet calculated CVE-2018-3985
MISC cujo — smart_firewall
  An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability. 2019-03-21 not yet calculated CVE-2018-4003
MISC cujo — smart_firewall
  An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into the dhcpd.conf file without prior sanitization, allowing for arbitrary execution of system commands. To trigger this vulnerability, an attacker can send a DHCP request message and set up the corresponding static DHCP entry. 2019-03-21 not yet calculated CVE-2018-3963
MISC cujo — smart_firewall
  An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the “RDLENGTH” value is handled incorrectly, leading to an out-of-bounds access that crashes the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability. 2019-03-21 not yet calculated CVE-2018-4011
MISC cujo — smart_firewall
  An exploitable vulnerability exists the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The “Host” header is incorrectly extracted from captured HTTP requests, which would allow an attacker to visit any malicious websites and bypass the firewall. An attacker could send an HTTP request to exploit this vulnerability. 2019-03-21 not yet calculated CVE-2018-4030
MISC cujo — smart_firewall
  An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file, that persist across reboots and firmware updates, and thus allow for executing unverified commands. To trigger this vulnerability, a local attacker needs to be able to write into /config/dhcpd.conf. 2019-03-21 not yet calculated CVE-2018-3969
MISC denx — das_u-boot
  An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot’s verified boot and execute an unsigned kernel, embedded in a legacy image format. To trigger this vulnerability, a local attacker needs to be able to supply the image to boot. 2019-03-21 not yet calculated CVE-2018-3968
MISC digi — transport_lr54
  Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with ‘super’ CLI access privileges to bypass a restricted shell and execute arbitrary commands as root. 2019-03-21 not yet calculated CVE-2018-20162
MISC
MISC
MISC donfig — donfig An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collect_yaml method in config_obj.py. It can execute arbitrary Python commands, resulting in command execution. 2019-03-21 not yet calculated CVE-2019-7537
MISC
MISC doorkeeper — openidconnect
  Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the ‘openid’ scope and a prompt=none value. This allows phishing attacks against the authorization flow. 2019-03-21 not yet calculated CVE-2019-9837
MISC
MISC
MISC envoy — passport_for_android_and_passport_for_iphone
  Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive information. 2019-03-21 not yet calculated CVE-2018-17500
XF ericsson — active_library_explorer
  XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple parameters in the “/cgi-bin/alexserv” servlet, as demonstrated by the DB, FN, fn, or id parameter. 2019-03-21 not yet calculated CVE-2019-7417
MISC
FULLDISC
MISC fatek — automation_pm_designer_and_automation_fv_designer
  A malicious attacker can trigger a remote buffer overflow in the Communication Server in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. 2019-03-21 not yet calculated CVE-2016-5800
MISC flexera_software — flexnet_publisher A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. 2019-03-21 not yet calculated CVE-2018-20034
CONFIRM flexera_software — flexnet_publisher A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. 2019-03-21 not yet calculated CVE-2018-20032
CONFIRM flexera_software — flexnet_publisher
  A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. 2019-03-21 not yet calculated CVE-2018-20031
CONFIRM gl.inet — gl-ar300m-lite_devices Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. 2019-03-21 not yet calculated CVE-2019-6275
MISC
EXPLOIT-DB gl.inet — gl-ar300m-lite_devices Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences. 2019-03-21 not yet calculated CVE-2019-6274
MISC
EXPLOIT-DB gl.inet — gl-ar300m-lite_devices download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files. 2019-03-21 not yet calculated CVE-2019-6273
MISC
EXPLOIT-DB gl.inet — gl-ar300m-lite_devices
  Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. 2019-03-21 not yet calculated CVE-2019-6272
MISC
EXPLOIT-DB gnu — tar
  pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. 2019-03-22 not yet calculated CVE-2019-9923
MISC
MISC
MISC graphviz — graphviz
  An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c. 2019-03-21 not yet calculated CVE-2019-9904
MISC
MISC heimdal_security — thor_agent
  Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate. 2019-03-21 not yet calculated CVE-2019-8351
MISC hms_industrial_networks — netbiter_ws100_devices
  HMS Industrial Networks Netbiter WS100 3.30.5 devices and previous have reflected XSS in the login form. 2019-03-21 not yet calculated CVE-2018-19694
MISC
MISC
CONFIRM
MISC hospira — symbiq_infusion_system
  Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger “unanticipated operations” by leveraging “elevated privileges” for an unspecified call to an incorrectly exposed function. 2019-03-23 not yet calculated CVE-2015-3965
MISC hostapd — hostapd
  hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call. 2019-03-23 not yet calculated CVE-2016-10743
MISC humhub — humhub A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in /s/adada/cfiles/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing JavaScript in the filename is echoed back in JavaScript code, which resulted in XSS. 2019-03-21 not yet calculated CVE-2019-9094
MISC humhub — humhub
  A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in file/file/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing a JavaScript payload in the filename parameter is echoed back, which resulted in reflected XSS. 2019-03-21 not yet calculated CVE-2019-9093
MISC ibm — api_connect
  IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users. IBM X-Force ID: 156544. 2019-03-22 not yet calculated CVE-2019-4052
CONFIRM
XF ibm — content_navigator
  IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to their Edit client directly. Then Edit client will download documents from the fake ICN website. IBM X-Force ID: 156001. 2019-03-22 not yet calculated CVE-2019-4035
CONFIRM
XF ibm — db2_for_linux_and_unix_and_windows
  IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to root by loading a malicious shared library. IBM X-Force ID: 158014. 2019-03-21 not yet calculated CVE-2019-4094
XF
CONFIRM ibm — power_9_systems
  The IBM Power 9 OP910, OP920, and FW910 boot firmware’s bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system’s hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345. 2019-03-21 not yet calculated CVE-2018-1992
XF
CONFIRM ibm — websphere_mq
  IBM WebSphere MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.1.0.0, and 9.1.0.1 console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150661. 2019-03-21 not yet calculated CVE-2018-1836
BID
XF
CONFIRM imagemagick — imagemagick
  In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file. 2019-03-23 not yet calculated CVE-2019-9956
BID
MISC insteon — hub
  An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 – Firmware version 1012 for the cc channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request At 0x9d014dd8 the value for the id key is copied using strcpy to the buffer at $sp+0x290. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. 2019-03-21 not yet calculated CVE-2017-16253
MISC insteon — hub
  An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 – Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request at At 0x9d014e84 the value for the cmd1 key is copied using strcpy to the buffer at $sp+0x280. This buffer is 16 bytes large. 2019-03-21 not yet calculated CVE-2017-16255
MISC insteon — hub
  An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 – Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request at 0x9d014e4c the value for the flg key is copied using strcpy to the buffer at $sp+0x270. This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. 2019-03-21 not yet calculated CVE-2017-16254
MISC invoiceplane — invoiceplane
  InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save invoice_password parameter, aka the “PDF password” field to the “Create Invoice” option. The XSS payload is rendered at an index.php/invoices/view/## URI. NOTE: this is different from CVE-2018-12255. 2019-03-21 not yet calculated CVE-2019-7223
MISC iobit — smart_defrag
  SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC4 is called. This kernel pointer can be leaked if the kernel pool becomes a “big” pool. 2019-03-21 not yet calculated CVE-2019-6492
MISC ipycache — ipycache A code injection issue was discovered in ipycache through 2016-05-31. 2019-03-21 not yet calculated CVE-2019-7539
CONFIRM jiofi — 4g_m2s_devices JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi). 2019-03-21 not yet calculated CVE-2019-7440
MISC kentix — multisensor-lan_devices
  Kentix MultiSensor-LAN 5.63.00 devices and previous allow Authentication Bypass via an Alternate Path or Channel. 2019-03-21 not yet calculated CVE-2018-19783
MISC
MISC kill-port — kill-port If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port < 1.3.2. 2019-03-21 not yet calculated CVE-2019-5414
MISC lenovo — dynamic_power_reduction_utility
  An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges. 2019-03-17 not yet calculated CVE-2019-6149
BID
CONFIRM libseccomp — libseccomp
  libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations. 2019-03-21 not yet calculated CVE-2019-9893
MISC
MISC libsndfile — libsndfile
  It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash. 2019-03-21 not yet calculated CVE-2019-3832
CONFIRM
CONFIRM
CONFIRM libssh2 — libssh2 An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. 2019-03-21 not yet calculated CVE-2019-3858
MISC
MLIST
BID
CONFIRM
FEDORA
BUGTRAQ
MISC libssh2 — libssh2 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. 2019-03-21 not yet calculated CVE-2019-3859
MISC
MLIST
BID
CONFIRM
FEDORA
BUGTRAQ
MISC libssh2 — libssh2 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. 2019-03-21 not yet calculated CVE-2019-3862
MISC
MLIST
BID
CONFIRM
FEDORA
BUGTRAQ
MISC libssh2 — libssh2
  An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. 2019-03-21 not yet calculated CVE-2019-3855
MISC
MLIST
BID
CONFIRM
FEDORA
BUGTRAQ
MISC limesurvey — limesurvey
  The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path. 2019-03-23 not yet calculated CVE-2019-9960
MISC linux — kernel
  In the Linux kernel through 5.0.2, the function inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c neglects to call fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), which will cause a memory leak (aka refcount leak). Finally, this will cause a denial of service. 2019-03-21 not yet calculated CVE-2019-9857
BID
MISC
MISC linux — kernel
  The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space. 2019-03-21 not yet calculated CVE-2018-19985
MISC
MISC
MISC
MISC
MISC linux — kernel
  An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation. 2019-03-21 not yet calculated CVE-2018-20669
MISC
MLIST
MLIST
BID
MISC linux — kernel
  The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. 2019-03-21 not yet calculated CVE-2019-7222
SUSE
MISC
MLIST
BID
CONFIRM
CONFIRM
MISC
FEDORA
FEDORA linux — kernel
  The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. 2019-03-21 not yet calculated CVE-2019-7221
SUSE
MISC
MISC
CONFIRM
CONFIRM
MISC
FEDORA
FEDORA localhost-now — localhost-now
  A path traversal vulnerability in localhost-now npm package version 1.0.2 allows the attackers to read content of arbitrary files on the remote server. 2019-03-21 not yet calculated CVE-2019-5416
MISC logonbox — nervepoint_access_manager
  An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (backup and synchronization jobs), which could allow for the possibility of a Denial of Service attack via a modified jobId parameter in a runJob.html GET request. 2019-03-21 not yet calculated CVE-2019-6716
MISC
EXPLOIT-DB
MISC mailcleaner — mailcleaner_community_edition
  www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands. 2019-03-21 not yet calculated CVE-2018-20323
MISC
MISC mastercard — qkr!_with_masterpass
  The MasterCard Qkr! app before 5.0.8 for iOS has Missing SSL Certificate Validation. NOTE: this CVE only applies to obsolete versions from 2016 or earlier. 2019-03-21 not yet calculated CVE-2019-6702
MISC
FULLDISC
MISC
MISC morgan — morgan
  An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1. 2019-03-21 not yet calculated CVE-2019-5413
MISC moxa — oncell_g3100v2_series_and_oncell g3111/g3151/g3211/g3251_series
  Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7 allows a reflected cross-site scripting attack which may allow an attacker to execute arbitrary script code in the user?s browser within the trust relationship between their browser and the server. 2019-03-21 not yet calculated CVE-2016-5819
MISC moxa — softcms
  Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability. 2019-03-21 not yet calculated CVE-2015-6457
MISC moxa — softcms
  Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability. 2019-03-21 not yet calculated CVE-2015-6458
MISC mybb — mybb
  In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page. 2019-03-21 not yet calculated CVE-2018-14724
EXPLOIT-DB mybb — mybb
  Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject. 2019-03-21 not yet calculated CVE-2018-14575
MISC
MISC
MISC netapp — service_processor
  Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY. 2019-03-21 not yet calculated CVE-2019-5490
CONFIRM netiq — edirectory
  NetIQ eDirectory versions prior to 9.0.2, under some circumstances, could be susceptible to downgrade of communication security. 2019-03-21 not yet calculated CVE-2016-9166
CONFIRM nokia — 8810_4g_devices
  A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to the remote code execution on the device. 2019-03-21 not yet calculated CVE-2019-7386
MISC
FULLDISC
MISC
MISC
MISC open-xchange — ox_app_suite
  OX App Suite 7.8.4 and earlier allows SSRF. 2019-03-21 not yet calculated CVE-2018-13103
MISC
MISC open-xchange — ox_app_suite
  OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID) 2019-03-21 not yet calculated CVE-2018-13104
MISC
MISC opentext — portal
  Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI. 2019-03-22 not yet calculated CVE-2018-20165
MISC opera_software — opera
  Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target. Once the document is opened, it may allow the attacker to take full control of the system from any location within the system. The issue lies in the loading of the shcore.dll and dcomp.dll files: these files are being searched for by the program in the same system-wide directory where the HTML file is executed. 2019-03-21 not yet calculated CVE-2018-18913
CONFIRM
MISC patlite — nbm-d88n_and_nhl-3fb1_and_nhl-3fv1n_devices
  A hidden backdoor on PATLITE NBM-D88N, NHL-3FB1, and NHL-3FV1N devices allows attackers to enable an SSH daemon via the “kankichi” or “kamiyo4” password to the _secret1.htm URI. Subsequently, the default password of root for the root account allows an attacker to conduct remote code execution and as a result take over the system. 2019-03-21 not yet calculated CVE-2018-18473
MISC phpscriptsmall.com — advance_crowdfunding_script PHP Scripts Mall Advance Crowdfunding Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. 2019-03-21 not yet calculated CVE-2018-20630
MISC phpscriptsmall.com — basic_b2b_script PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature. 2019-03-21 not yet calculated CVE-2018-20644
MISC phpscriptsmall.com — basic_b2b_script PHP Scripts Mall Basic B2B Script 2.0.9 has HTML injection via the First Name or Last Name field. 2019-03-21 not yet calculated CVE-2018-20645
MISC phpscriptsmall.com — basic_b2b_script PHP Scripts Mall Basic B2B Script 2.0.9 has has directory traversal via a direct request for a listing of an image directory such as an uploads/ directory. 2019-03-21 not yet calculated CVE-2018-20646
MISC phpscriptsmall.com — car_rental_script PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing of an image directory such as an images/ directory. 2019-03-21 not yet calculated CVE-2018-20647
MISC phpscriptsmall.com — charity_foundation_script PHP Scripts Mall Charity Foundation Script 1 through 3 allows directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. 2019-03-21 not yet calculated CVE-2018-20628
MISC phpscriptsmall.com — charity_foundation_script PHP Scripts Mall Charity Donation Script readymadeb2bscript has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. 2019-03-21 not yet calculated CVE-2018-20629
MISC phpscriptsmall.com — chartered_accountant PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 allows remote attackers to cause a denial of service (unrecoverable blank profile) via crafted JavaScript code in the First Name and Last Name field. 2019-03-21 not yet calculated CVE-2018-20637
MISC phpscriptsmall.com — chartered_accountant PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. 2019-03-21 not yet calculated CVE-2018-20638
MISC phpscriptsmall.com — chartered_accountant PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has HTML injection via the First Name field. 2019-03-21 not yet calculated CVE-2018-20636
MISC phpscriptsmall.com — consumer_reviews_script PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via the search box. 2019-03-21 not yet calculated CVE-2018-20627
MISC phpscriptsmall.com — consumer_reviews_script
  PHP Scripts Mall Consumer Reviews Script 4.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. 2019-03-21 not yet calculated CVE-2018-20626
MISC phpscriptsmall.com — entrepreneur_job_portal_script PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 allows remote attackers to cause a denial of service (outage of profile editing) via crafted JavaScript code in the KeySkills field. 2019-03-21 not yet calculated CVE-2018-20642
MISC phpscriptsmall.com — entrepreneur_job_portal_script PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has HTML injection via the Search Bar. 2019-03-21 not yet calculated CVE-2018-20639
MISC phpscriptsmall.com — entrepreneur_job_portal_script PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. 2019-03-21 not yet calculated CVE-2018-20641
MISC phpscriptsmall.com — entrepreneur_job_portal_script PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has stored Cross-Site Scripting (XSS) via the Full Name field. 2019-03-21 not yet calculated CVE-2018-20640
MISC phpscriptsmall.com — entrepreneur_job_portal_script PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. 2019-03-21 not yet calculated CVE-2018-20643
MISC phpscriptsmall.com — opensource_classified_ads_script PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory traversal via a direct request for a listing of an uploads directory. 2019-03-21 not yet calculated CVE-2019-7436
MISC phpscriptsmall.com — opensource_classified_ads_script PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected HTML injection via the Search Form. 2019-03-21 not yet calculated CVE-2019-7435
MISC phpscriptsmall.com — opensource_classified_ads_script PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected Cross-Site Scripting (XSS) via the Search field. 2019-03-21 not yet calculated CVE-2019-7437
MISC phpscriptsmall.com — rental_bike_script PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the STREET field in the Profile Edit section. 2019-03-21 not yet calculated CVE-2019-7432
MISC phpscriptsmall.com — website_seller_script
  PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file. 2019-03-21 not yet calculated CVE-2018-20631
MISC plohni — advanced_comment_system
  internal/advanced_comment_system/index.php and internal/advanced_comment_system/admin.php in Advanced Comment System, version 1.0, contain a reflected cross-site scripting vulnerability via ACS_path. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The product is discontinued. 2019-03-21 not yet calculated CVE-2018-18845
MISC
MISC poppler — poppler
  PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. 2019-03-21 not yet calculated CVE-2019-9903
MISC
MISC powerdns — authoritative_server
  A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response 2019-03-21 not yet calculated CVE-2019-3871
MLIST
BID
CONFIRM
MISC printeron — enterprise
  PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) “Machine Host Name” or “Server Serial Number” field in the clustering configuration, (2) “name” field in the Edit Group configuration, (3) “Rule Name” field in the Access Control configuration, (4) “Service Name” in the Service Configuration, or (5) First Name or Last Name field in the Edit Account configuration. 2019-03-21 not yet calculated CVE-2018-17167
MISC puppet — chloride
  Prior to version 0.3.0, chloride’s use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user’s known_hosts file without confirmation. In version 0.3.0 this is updated so that the user’s known_hosts file is not updated by chloride. 2019-03-21 not yet calculated CVE-2018-6517
CONFIRM puppet — discovery
  Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress. 2019-03-21 not yet calculated CVE-2018-11747
CONFIRM python — python urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(‘local_file:///etc/passwd’) call. 2019-03-23 not yet calculated CVE-2019-9948
MISC
MISC python — python
  An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string or PATH_INFO) followed by an HTTP header or a Redis command. This is similar to CVE-2019-9740. 2019-03-23 not yet calculated CVE-2019-9947
MISC python-gnupg — python-gnupg
  python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a “CWE-20: Improper Input Validation” issue affecting the affect functionality component. 2019-03-21 not yet calculated CVE-2019-6690
SUSE
SUSE
MISC
BID
MLIST
MISC
BUGTRAQ qemu — qemu
  hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. 2019-03-21 not yet calculated CVE-2019-8934
MISC
MISC
MISC qemu — qemu
  In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations. 2019-03-21 not yet calculated CVE-2019-6501
MLIST
MLIST qt — qt
  An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. 2019-03-21 not yet calculated CVE-2018-19872
CONFIRM raisecom — multiple_products An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below. The value of the fmgpon_loid parameter is used in a system call inside the boa binary. Because there is no user input validation, this leads to authenticated code execution on the device. 2019-03-21 not yet calculated CVE-2019-7384
MISC
FULLDISC
MISC
MISC
BID
MISC raisecom — multiple_products An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below, The values of the newpass and confpass parameters in /bin/WebMGR are used in a system call in the firmware. Because there is no user input validation, this leads to authenticated code execution on the device. 2019-03-21 not yet calculated CVE-2019-7385
MISC
MISC
FULLDISC
MISC
BID
MISC

reliance_jio_infocomm — jiofi_4g_m2s_devices

cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang) via the mask POST parameter. 2019-03-21 not yet calculated CVE-2019-7439
MISC reliance_jio_infocomm — jiofi_4g_m2s_devices cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter. 2019-03-21 not yet calculated CVE-2019-7438
MISC
MISC risi — gestao_de_horarios
  RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection. 2019-03-21 not yet calculated CVE-2019-6491
MISC samsung — galaxy_s6 Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to overwrite kernel memory due to improper validation of the ring buffer read pointer. The Samsung ID is SVE-2018-12029. 2019-03-21 not yet calculated CVE-2018-14745
MISC
MISC
CONFIRM samsung — x7400gx_syncthru_web_service XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in “/sws.login/gnb/loginView.sws” in multiple parameters: contextpath and basedURL. 2019-03-21 not yet calculated CVE-2019-7421
MISC
FULLDISC
MISC
MISC samsung — x7400gx_syncthru_web_service XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in “/sws.application/information/networkinformationView.sws” in the tabName parameter. 2019-03-21 not yet calculated CVE-2019-7420
MISC
FULLDISC
MISC
MISC samsung — x7400gx_syncthru_web_service XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in “/sws/leftmenu.sws” in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title. 2019-03-21 not yet calculated CVE-2019-7419
MISC
FULLDISC
MISC
MISC samsung — x7400gx_syncthru_web_service
  XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in “/sws/swsAlert.sws” in multiple parameters: flag, frame, func, and Nfunc. 2019-03-21 not yet calculated CVE-2019-7418
MISC
FULLDISC
MISC
MISC schneider_electric — modicon_plc_products Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser. 2019-03-21 not yet calculated CVE-2015-6462
MISC schneider_electric — modicon_plc_products
  Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page. 2019-03-21 not yet calculated CVE-2015-6461
MISC serve — serve A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to. 2019-03-21 not yet calculated CVE-2019-5415
MISC serve — serve
  A path traversal vulnerability in serve npm package version 7.0.1 allows the attackers to read content of arbitrary files on the remote server. 2019-03-21 not yet calculated CVE-2019-5417
MISC

shareit — shareit_for_android

The SHAREit application before 4.0.36 for Android allows a remote attacker (on the same network or joining public “open” Wi-Fi hotspots created by the application when file transfer is initiated) to bypass authentication by trying to fetch a non-existing page. When the non-existing page is requested, the application responds with a 200 status code and empty page, and adds the requesting client device into the list of recognized devices. 2019-03-22 not yet calculated CVE-2019-9939
MISC shareit — shareit_for_android
  The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public “open” Wi-Fi hotspots created by the application when file transfer is initiated) to download arbitrary files from the device including contacts, photos, videos, sound clips, etc. The attacker must be authenticated as a “recognized device.” 2019-03-22 not yet calculated CVE-2019-9938
MISC shellinabox — shellinabox
  libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down. 2019-03-21 not yet calculated CVE-2018-16789
MISC
MISC
CONFIRM
CONFIRM shenzhen_electronics_coship — multiple_devices
  An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn’t have backend validation for the current password and doesn’t require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router. 2019-03-21 not yet calculated CVE-2019-6441
MISC
MISC
MISC
MISC
EXPLOIT-DB
EXPLOIT-DB shenzhen_skyworth — multiple_devices
  An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or achieve unauthenticated remote code execution because of control of registers S0 through S4 and T4 through T7. 2019-03-21 not yet calculated CVE-2018-19524
MISC
MISC
MISC
MISC
MISC siemens — multiple_products
  A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.35), Firmware variant MODBUS TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions), Firmware variant Profinet IO for EN100 Ethernet module (All versions), SIPROTEC 5 relays with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.82), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.58). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the affected products. A manual restart is required to recover the EN100 module functionality of the affected devices. Successful exploitation requires an attacker with network access to send multiple packets to the affected products or modules. As a precondition the IEC 61850-MMS communication needs to be activated on the affected products or modules. No user interaction or privileges are required to exploit the vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-03-21 not yet calculated CVE-2018-16563
CONFIRM siemens — sicam_products
  A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the web server. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/TCP or 443/TCP. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the web server. A system reboot is required to recover the web service of the device. At the time of advisory update, exploit code for this security vulnerability is public. 2019-03-21 not yet calculated CVE-2018-13798
CONFIRM signal_messenger — open_whisper_and_private_messenger
  Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets. 2019-03-23 not yet calculated CVE-2019-9970
MISC softnas — cloud
  SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid user credentials. If customers have not followed SoftNAS deployment best practices and expose SoftNAS StorageCenter ports directly to the internet, this vulnerability allows an attacker to gain access to the Webadmin interface to create new users or execute arbitrary commands with administrative privileges, compromising both the platform and the data. 2019-03-23 not yet calculated CVE-2019-9945
MISC solarwinds — serv-u_ftp_server
  SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter. 2019-03-21 not yet calculated CVE-2018-19934
MISC
MISC
MISC sonatype — nexus_repository_manager
  Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control. 2019-03-21 not yet calculated CVE-2019-7238
MISC splunk — splunk-sdk-python
  Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS server certificates, which could result in man-in-the-middle attacks. 2019-03-21 not yet calculated CVE-2019-5729
CONFIRM sqlite — sqlite In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. 2019-03-22 not yet calculated CVE-2019-9937
MISC
MISC
MISC sqlite — sqlite
  In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c. 2019-03-22 not yet calculated CVE-2019-9936
MISC
MISC
MISC sqlitemanager — sqlitemanager
  SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is discontinued. 2019-03-21 not yet calculated CVE-2019-9083
MISC sricam — ip_cctv_cameras
  Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds. 2019-03-21 not yet calculated CVE-2019-6973
MISC
MISC
EXPLOIT-DB synaptics — touchpad_drivers
  SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses. 2019-03-21 not yet calculated CVE-2018-15532
MISC
MISC
MISC
CONFIRM systemd — systemd
  An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic). 2019-03-21 not yet calculated CVE-2019-6454
SUSE
MLIST
MLIST
BID
REDHAT
MISC
MLIST
FEDORA
UBUNTU
DEBIAN systrome — cumilon_isg-600c_and_isg-600h_and_isg-800w_devices
  An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1_TRUNK-20181105.bin. A shell command injection occurs by editing the description of an ISP file. The file network/isp/isp_update_edit.php does not properly validate user input, which leads to shell command injection via the des parameter. 2019-03-21 not yet calculated CVE-2019-7383
MISC
MISC
FULLDISC
MISC
BID
MISC systrome — multiple_devices
  An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. There is CSRF via /ui/?g=obj_keywords_add and /ui/?g=obj_keywords_addsave with resultant XSS because of a lack of csrf token validation. 2019-03-21 not yet calculated CVE-2018-19525
MISC
MISC
MISC teracue — enc-400_devices An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the devices web administration panel. This token is hard-coded to a string in the source code (/usr/share/www/check.lp file). By setting this cookie in a browser, an attacker is able to maintain access to every ENC-400 device without knowing the password, which results in authentication bypass. Even if a user changes the password on the device, this token is static and unchanged. 2019-03-21 not yet calculated CVE-2018-20219
MISC
MISC
MISC teracue — enc-400_devices
  An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated, and some of these pages may disclose sensitive information. 2019-03-21 not yet calculated CVE-2018-20220
MISC
MISC
MISC teracue — enc-400_devices
  An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the “password” parameter in the login form. 2019-03-21 not yet calculated CVE-2018-20218
MISC
MISC the_receptionist — the_receptionist_for_ipad
  The Receptionist for iPad could allow a local attacker to obtain sensitive information, caused by an error in the contact.json file. An attacker could exploit this vulnerability to obtain the contact names, phone numbers and emails. 2019-03-21 not yet calculated CVE-2018-17502
XF twig — twig
  A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place. 2019-03-23 not yet calculated CVE-2019-9942
MISC
MISC vanilla — vanilla
  In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server. 2019-03-21 not yet calculated CVE-2019-9889
MISC
MISC
MISC veritas — netbackup_appliance An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator. 2019-03-21 not yet calculated CVE-2019-9868
MISC veritas — netbackup_appliance An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator. 2019-03-21 not yet calculated CVE-2019-9867
MISC vertrigoserv — vertrigoserv
  VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter. 2019-03-21 not yet calculated CVE-2019-8938
MISC
MISC
MISC

wifi-soft — unibox_controller

An issue was discovered on Wifi-soft UniBox controller 3.x devices. The tools/controller/diagnostic_tools_controller Diagnostic Tools Controller is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials. 2019-03-21 not yet calculated CVE-2019-3496
MISC
MLIST
MISC

wifi-soft — unibox_controller

An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. The tools/ping Ping feature of the Diagnostic Tools component is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials. 2019-03-21 not yet calculated CVE-2019-3497
MISC
MLIST
MISC wifi-soft — unibox_controller
  An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. network/mesh/edit-nds.php is vulnerable to arbitrary file upload, allowing an attacker to upload .php files and execute code on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials. 2019-03-21 not yet calculated CVE-2019-3495
MISC
MLIST
MISC wordpress — wordpress The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO. 2019-03-21 not yet calculated CVE-2019-9912
FULLDISC
MISC
MISC wordpress — wordpress The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes poll_id XSS. 2019-03-21 not yet calculated CVE-2019-9914
FULLDISC
MISC
MISC wordpress — wordpress The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS. 2019-03-21 not yet calculated CVE-2019-9913
FULLDISC
MISC
MISC wordpress — wordpress
  The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php manage_font_id XSS. 2019-03-21 not yet calculated CVE-2019-9908
FULLDISC
MISC
MISC
MISC wordpress — wordpress
  The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_reset_pass() function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user’s account. 2019-03-21 not yet calculated CVE-2018-19488
MISC wordpress — wordpress
  The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_employer_ajax_profile() function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users. 2019-03-21 not yet calculated CVE-2018-19487
MISC wordpress — wordpress
  cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. 2019-03-21 not yet calculated CVE-2019-7441
MISC wordpress — wordpress
  The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS. 2019-03-21 not yet calculated CVE-2019-9911
FULLDISC
MISC
MISC wordpress — wordpress
  A stored cross-site scripting (XSS) vulnerability in the submit_ticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the subject parameter in wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/ajax/submit_ticket.php. 2019-03-21 not yet calculated CVE-2019-7299
MISC
MISC
MISC wordpress — wordpress
  The “Donation Plugin and Fundraising Platform” plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS. 2019-03-21 not yet calculated CVE-2019-9909
FULLDISC
MISC
MISC
MISC wordpress — wordpress
  The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS. 2019-03-21 not yet calculated CVE-2019-9910
FULLDISC
MISC
MISC wso2 — api_manager
  An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product. 2019-03-21 not yet calculated CVE-2018-20736
CONFIRM
CONFIRM
MISC wso2 — api_manager
  An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product. 2019-03-21 not yet calculated CVE-2018-20737
CONFIRM
CONFIRM
MISC xnview — xnview_classic XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x385399. 2019-03-23 not yet calculated CVE-2019-9969
MISC xnview — xnview_classic XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x38536c. 2019-03-23 not yet calculated CVE-2019-9966
MISC xnview — xnview_classic XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlPrefixUnicodeString. 2019-03-23 not yet calculated CVE-2019-9967
MISC xnview — xnview_classic XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlQueueWorkItem. 2019-03-23 not yet calculated CVE-2019-9968
MISC xnview — xnview_mp XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporaryKey. 2019-03-23 not yet calculated CVE-2019-9964
MISC xnview — xnview_mp XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlReAllocateHeap. 2019-03-23 not yet calculated CVE-2019-9965
MISC xnview — xnview_mp XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap. 2019-03-23 not yet calculated CVE-2019-9963
MISC xnview — xnview_mp
  XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy. 2019-03-23 not yet calculated CVE-2019-9962
MISC xpdf — xpdf There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. 2019-03-21 not yet calculated CVE-2019-9878
MISC
MISC xpdf — xpdf
  There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. 2019-03-21 not yet calculated CVE-2019-9877
MISC
MISC yast — yast2-multipath
  In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection 2019-03-15 not yet calculated CVE-2018-17955
CONFIRM ysoft — safeq_server
  YSoft SafeQ Server 6 allows a replay attack. 2019-03-21 not yet calculated CVE-2018-15498
MISC yubico — libu2f-host
  Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey. 2019-03-21 not yet calculated CVE-2018-20340
CONFIRM
MISC
MISC
CONFIRM zoho_manageengine — adselfservice_plus
  An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data. 2019-03-21 not yet calculated CVE-2019-7161
MISC
CONFIRM zyxel — vmg3312-b10b_dsl-491hnu-b1b_modem
  ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF. 2019-03-21 not yet calculated CVE-2019-7391
MISC
MISC
EXPLOIT-DB
MISC