COVO versions 9.0.8, 10.0.11, and 12.0.4 suffer from a cross site scripting vulnerability.
536fe8125d7c4f154b2134a3d9dd54e28dc1f299ff583b285fabb0fe5957ab88
Pages for Bitbucket Server versions 2.6.0 and below suffer from multiple cross site scripting vulnerabilities.
00e15de722a2abcb4369842cf674d79bc2dfc242c63adce5fb4956017b3a96c1
OPNsense version 19.1 suffers from a cross site scripting vulnerability.
1e48a539c9ed21ef9ac9f3037fbf7b082d9418e82ef5ed9c8df574caf19008cb
This paper discusses a vulnerability class called "Expression Language Injection (EL Injection)". Although several security researchers have published details in the past, the bug class is still fairly unknown. EL Injection is a serious security threat to dynamic applications on the Internet. Today there is a universal need for dynamic applications, and as their use for various online services rises, so do the security threats. This paper defines a methodology for detecting and exploiting EL injection.
568d83e4ae3f7e4ec9156217f07b246cb483b2ee929431c519f7b291f7254ed0
Joomla wgPicasa component version 3x suffers from a remote SQL injection vulnerability.
58547ab87fcdd3a0c1fc0e3cb9b4c650f4447194a3eaeb52d23e6dc320debc62
Joomla Sobi2 SobiPro component version 1.4.9 suffers from a remote SQL injection vulnerability.
5bb96c52b431fa51d56a7399ef2e749f2cb92f77d1ac842838825c5331fe0f05
Joomla JamBook component version 1.5 suffers from a remote SQL injection vulnerability.
34b84195499bc29c3b2e881736dadda770d14ec34797f57516a85ab6724b7e60
Joomla GMapFP Google Map component version 3.52 suffers from a remote SQL injection vulnerability.
01924bc547eac69c24b694545d5d3b7a57dcb11cb3218e5621dba8d5085c9688
Joomla ChronoConnectivity2 component version 6.0.7 suffers from a remote SQL injection vulnerability.
0b7e499cabece2ac1dbd0e504e33e82f932fc8b83ff9d6a37c8324840aacd06e
Joomla AtomiconGallery component version 1.5.x suffers from a remote SQL injection vulnerability.
6affda7a7152190ed36141db2150af87d724b812c064f2d482a5339a3c5ed3a4
Ubuntu Security Notice 3877-1 - It was discovered that LibVNCServer incorrectly handled certain operations. A remote attacker able to connect to applications using LibVNCServer could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code.
7bb816aece59b9aab809749a28009badb441a6a40624bdbbbb3fb7066549f21a
Red Hat Security Advisory 2019-0237-01 - The etcd packages provide a highly available key-value store for shared configuration. Issues addressed include an improper authentication vulnerability.
c72b9fe5413afc546311050d978e7b7a8055256991222c11fd930786001f7788
Red Hat Security Advisory 2019-0230-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include an auth hijacking vulnerability.
89f54c45c0df7d5be2075a39c847c14e324c0916fb43ec12e92c80dcf55244aa
Red Hat Security Advisory 2019-0229-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Issues addressed include bypass and use-after-free vulnerabilities.
e81ad852a81d59f92ab945d478f633f6eee573cf410bb8aeae1f8c6a0eec97c9
Red Hat Security Advisory 2019-0231-01 - The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. Issues addressed include an off-by-one error.
7d6ae7f9db2dbef1c0230d17826701cf08e76873ca847339dabf4b152c8d36cd
Red Hat Security Advisory 2019-0232-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. Issues addressed include an off-by-one error.
d09f0a0488731b09d6e56b80cd725749619a0d9a28bdc1c4b130959e3f76b6c0
PassFab Excel Password Recovery version 8.3.1 buffer overflow exploit with SEH overwrite.
1a2b60bea569011b02b6248352c36b74de048405323a75ea2bb4c7bc2d406e45
LanHelper version 1.74 suffers from a denial of service vulnerability.
f93c6cc6423bf4cc1d4c929a28380ab31616ef6bb0114ae2546b24c5717bea69
FlexHEX version 2.46 denial of service proof of concept exploit with SEH overwrite.
0c0b8b6a2e82ec4aef14fdb53b7e39d40a9c18707c6c9dec9ee0c07bd4e372e3
ASPRunner Professional version 6.0.766 suffers from a denial of service vulnerability.
7bb520da2a37c0bdb24d2fc232b0e45e99f89e9f1db7dc094ed0a029b2c8f5e9
a-Mac Address Change version 5.4 suffers from a denial of service vulnerability.
12e301ba938a01cbbb799449ec30f2f1b3c40dc92449af4dac6a52489d9f1a9f
Advanced Host Monitor version 11.90 Beta registration number denial of service proof of concept exploit.
07548b13480bc3cce1ceb65497bd3dc35920ad94a3350747000a4a431517abba