WordPress Plainview Activity Monitor plugin is vulnerable to OS command injection which allows an attacker to remotely execute commands on the underlying system. Application passes unsafe user supplied data to ip parameter into activities_overview.php. Privileges are required in order to exploit this vulnerability. Vulnerable plugin version: 20161228 and possibly prior. Fixed plugin version: 20180826.
8bacd47eae727e0caea978775817a289
Debian Linux Security Advisory 4578-1 - Multiple security issues were found in libvpx multimedia library which could result in denial of service and potentially the execution of arbitrary code if malformed WebM files are processed.
8d73be098508bd36c628ce84936f91c2
Multiple denial of service vulnerabilities have been discovered and disclosed in the axTLS library versions 2.1.5 and below.
d19632244913b29df1e0c7ca2bc77e5a
OwnCloud version 8.1.8 suffers from a username disclosure vulnerability.
757c36179daa923d31563d7d6f7b1f5f
An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.
839a835373eff1043e2c6d5d697405eb
Online Inventory Manager version 3.2 suffers from a persistent cross site scripting vulnerability.
6ac161329333e8c549273ff3dd783e15
Ubuntu Security Notice 4204-1 - Riccardo Schirone discovered that psutil incorrectly handled certain reference counting operations. An attacker could use this issue to cause psutil to crash, resulting in a denial of service, or possibly execute arbitrary code.
246fe48001bbea222c530155fafe998b
Debian Linux Security Advisory 4577-1 - Tim Dusterhus discovered that haproxy, a TCP/HTTP reverse proxy, did not properly sanitize HTTP headers when converting from HTTP/2 to HTTP/1. This would allow a remote user to perform CRLF injections.
136682b36788547ff6b9f48e09a65017
SpotAuditor version 5.3.2 Name and Key proof of concept denial of service exploits.
d66f0f8c99963521d186ed04b3546271
Mersive Solstice version 2.8.0 suffers from a remote code execution vulnerability.
f3903fc24965899d871de9de55475185
GHIA CamIP version 1.2 for iOS suffers from a denial of service vulnerability.
350fc3d2528c2e5ace3997ad02690935
TexasSoft CyberPlanet version 6.4.131 suffers from a CCSrvProxy unquoted service path vulnerability.
cd722a5c463766d57ec9e2c1a003a472
WordPress version 5.3 suffers from a username enumeration vulnerability.
b263069a414f9bb50aa1628b813065d1
The CBC Gem Android and iOS applications (Android version 9.24.0 and below, iOS version 9.24.0 and below) sends potentially sensitive information such as device model and resolution, mobile carrier, days since first use, days since last use, total number of app launches, number of app launches since upgrade, and previous app session length, unencrypted to both first and third party sites (Adobe Marketing Cloud, ScorecardResearch).
ddf0c0125210e18aad3d55c6060e572e
Ubuntu Security Notice 4203-2 - USN-4203-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
e3c81da24686986b81918cb98c31ffce
Ubuntu Security Notice 4203-1 - It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.
05573b211f4c44450d8676b2857ee497
Grub2 has grub2-set-bootflag setuid in the new Fedora release and has the ability to corrupt the environment.
521fcef9f7dbf428929332a5f1ece053
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
9e814654d1ade904d23ca004e56b0870
Red Hat Security Advisory 2019-4019-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.2.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.4, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass and denial of service vulnerabilities.
87115a7601280067a7b46f9664a64f2a
Red Hat Security Advisory 2019-4018-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.2.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.4, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass and denial of service vulnerabilities.
aae190edf8594ff10d1a8ecb98f8cefe
The vulnerability allows rescaling and corrupting the Xiaomi Mi Box (model: MIBOX3, build.id : MHC19) display without any privilege requirement, thus creating an opportunity for a non-privilege malicious app to disable the basic functionalities that the TV box is offering or can even be used for ransomware purpose - e.g., each time a target streaming app is launched, the malicious app can corrupt the display.
de7ea94c8301dc45448597ee55213bf1
B-Sides Ljubljana will be held April 4th, 2020 in Ljubljana, Slovenia.
cc75508f174a9d80d3f5e405effe1cc7
Red Hat Security Advisory 2019-4021-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.2.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.4, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass and denial of service vulnerabilities.
3a95fce4e80361829ee75de88548e735
Red Hat Security Advisory 2019-4020-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.2.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.4, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass and denial of service vulnerabilities.
b1793fef4380b6c0c3ecac9b39987c73
A double free vulnerability in the DDGifSlurp function in decoding.c in libpl_droidsonroids_gif before 1.2.15, as used in WhatsApp for Android before 2.19.244, allows remote attackers to execute arbitrary code or cause a denial of service. CVE-2019-11932 is a vulnerability in the android-gif-drawable library. Yet the CVE text doesn't mention "android-gif-drawable". It only mentions WhatsApp. There could be over 28,400 free Android apps that use this library.
a6614c2514fa1b374a4aab6d0310003c