Gemalto (Thales Group) DS3 Authentication Server and Ezio Server versions prior to 3.1.0 suffer from semi-blind OS command injection, local file disclosure, and broken access controls that, when combined, allow a low-privileged application user to upload a JSP web shell with the access rights of the lower privileged Linux system user "asadmin".
0ed8c2d2c9c1f2f828d34bae21d8e4a001f9cbbc1692d968c69dd7410a22ca56
Debian Linux Security Advisory 4440-1 - Multiple vulnerabilities were found in the BIND DNS server.
f70a908b954d4b5ace79a2dea1e66f41bfc723be1ea3c500239d6be2254e57ad
Debian Linux Security Advisory 4439-1 - Dean Rasheed discovered that row security policies in the PostgreSQL database system could be bypassed.
81c03f51d7366497f77b4f5a4e89c98e12d3fef09fd37e3f9680bf4df2e6cf27
The Texture Canada Android and iOS applications (Android version 4.21.0.1, iOS version 5.11.6 and below) send potentially sensitive information, such as the number of app launches, device model, Android or iOS version, and screen resolution, unencrypted to a third-party site (ScorecardResearch).
8efefb38edf3cb8569fef8c1e4d0115eaf21dbfcc1b58e5f8cb1a093faf95a5d
An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter.
8aa24d5f0536dc8ab8ba5a04208bb67d10be44f374d522d992546b0c6b964e41
An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.
1e92ae0c5278fc1a1ef7d635b6034490e6b56ed89def0c3158b907b154633917
dotCMS version 5.1.1 suffers from an HTML injection vulnerability.
23b339e94a95b034f9c375f3d926f981beaf280b2ce788ad8d29bc64d346524b
NetNumber Titan ENUM/DNS/NP version 7.9.1 suffers from authorization bypass and path traversal vulnerabilities.
91d6cdad283f49157df644827e06ac64b097019fff5a2a182508b80cd88def3d
dotCMS version 5.1.1 suffers from cross site scripting and various other vulnerabilities due to various open source dependencies.
807354717454bcddf23878f723cf0673fbb451acfadadb8aeb6ae4f5faa523c1
Red Hat Security Advisory 2019-1140-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.1 serves as a replacement for Red Hat Single Sign-On 7.3.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a deserialization vulnerability.
6271484c47940b0c7dd386126f6ef63ce4c90910c0f55a1eb2d7f58051fd1fc5
Ubuntu Security Notice 3969-2 - USN-3969-1 fixed a vulnerability in wpa_supplicant and hostapd. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that wpa_supplicant and hostapd incorrectly handled unexpected fragments when using EAP-pwd. A remote attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
d063662e4575bcd82421569a8449e9700b1d8fb3e9cecac39df898061caeb939
Red Hat Security Advisory 2019-1131-01 - FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Issues addressed include a bypass vulnerability.
db426515b50171432a0716ccb69ebc5b4d732cbc763f4cf985dc3c6d0c33429e
jetAudio version 8.1.7.20702 Basic denial of service proof of concept exploit.
58c48632bf21d3deff18c6d024ad8bfe3720bc8d00a946f0f79c9fe8f58572dd
Ubuntu Security Notice 3956-2 - USN-3956-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Bind incorrectly handled limiting the number of simultaneous TCP clients. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. Various other issues were also addressed.
92f0820e4e0b48968a72bf42560719fa484a428ac00b12eeca37d3daf694d334
Zoho ManageEngine ADSelfService Plus version 5.7 builds prior to 5702 suffer from multiple cross site scripting vulnerabilities.
387409100d97dd417092cef2d4794afae251671c57ed353106f035b7765369d9
Lyric Video Creator version 2.1 .mp3 denial of service proof of concept exploit.
4a663d8d2b576355f7e392b4acfa3895ff669cce266f5e3785ebafb03df059c5
Lyric Maker version 2.0.1.0 denial of service proof of concept exploit.
a0967fd0359592750cb3aa14006b841d03455e2b252314c2ad4abe9b04a959c8