Security
Headlines
HeadlinesLatestCVEs

Tag

#firefox

CVE-2020-6131: TALOS-2020-1076 || Cisco Talos Intelligence Group

SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassScheduleSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.

CVE
Open in Source
#sql#vulnerability#web#windows#cisco#intel#php#auth#firefox
CVE-2020-6117: TALOS-2020-1072 || Cisco Talos Intelligence Group

SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bday parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2020-15020: Elementor Website Builder – More than Just a Page Builder

An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field.

CVE-2020-24609: Offensive Security’s Exploit Database Archive

TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5.5 and earlier has XSS which can result in an attacker injecting the XSS payload in the User Registration section and each time the admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie via crafted payload.

CVE-2020-24368: icingaweb2/CHANGELOG.md at master · Icinga/icingaweb2

Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2.

CVE-2020-0559: Intel-SA-00355

Insecure inherited permissions in some Intel(R) PROSet/Wireless WiFi products on Windows* 7 and 8.1 before version 21.40.5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2020-17367: GitHub - netblue30/firejail: Linux namespaces and seccomp-bpf sandbox

Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection.

CVE-2020-15655: Security Vulnerabilities fixed in Firefox ESR 78.1

A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

CVE-2020-15658: Security Vulnerabilities fixed in Firefox ESR 78.1

The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

CVE-2020-15652: Security Vulnerabilities fixed in Firefox ESR 68.11

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.