Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2019-19650: Release Notes - New features

Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function.

CVE
Open in Source
#sql#xss#csrf#vulnerability#web#ios#android#mac#windows#apple#google#microsoft#amazon#ubuntu#linux#cisco#apache#redis#memcached#nodejs#js#git#java#oracle#kubernetes#intel#php#rce#perl#ldap#nginx#pdf#vmware#aws#log4j#oauth#auth#ssh#telnet#ibm#dell#ruby#mongo#postgres#docker#chrome#firefox#sap#ssl
CVE-2019-18960: security - CVE-2019-18960: Firecracker v0.18.0 and v0.19.0 vsock buffer overflow

Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. This can result in potentially exploitable crashes.

CVE-2019-19709: ⚓ T239466 Possible to circumvent title-blacklist (CVE-2019-19709)

MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.

CVE-2019-5111: TALOS-2019-0904 || Cisco Talos Intelligence Group

Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_cat was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.

CVE-2019-5109: TALOS-2019-0902 || Cisco Talos Intelligence Group

Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.

CVE-2019-5110: TALOS-2019-0903 || Cisco Talos Intelligence Group

Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.

CVE-2019-14895: security - Linux kernel: heap overflow in the marvell wifi driver

A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.

CVE-2019-19306: ZOHO CRM Lead Magnet version 1.6.9.1 · Issue #16 · cybersecurityworks/Disclosed

The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or LayoutName.

CVE-2019-19246: Heap buffer overflow in mb_eregi

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.

CVE-2013-2093: CVE-2013-2093

Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands.