

CVEMAP Search Results

CVE
Details
Description
2019-03-08
Medium
CVE-2019-9634

Vendor: Golang
Software: GO
 

 
Go through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection.

 
2019-02-19
Medium
CVE-2019-8948

Vendor: Papercut
Software: Papercut mf
 

 
PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163.

 
2019-02-12
Medium
CVE-2019-7743

Vendor: Joomla
Software: Joomla!
 

 
An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for object injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non-.phar files.

 
2019-02-07
Low
CVE-2018-1666

Vendor: IBM
Software: Datapower ga...
 

 
IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 could allow an authenticated user to inject arbitrary messages that would be displayed on the UI. IBM X-Force ID: 144892.

 
2019-02-05
Low
CVE-2017-1202

 

 
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 123677.

 
Medium
CVE-2018-18992

 

 
LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitization, which may allow an attacker to execute remote code on the server.

 
2019-02-04
Low
CVE-2019-7351

Vendor: Zoneminder
Software: Zoneminder
 

 
Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in the 'log' view page, as demonstrated by the message=User%20'admin'%20Logged%20in value.

 
2019-02-01
Medium
CVE-2018-16490

 

 
A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype.

 
Medium
CVE-2018-16486

Vendor: Defaults-deep project
Software: Defaults-deep
 

 
A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype.

 
Medium
CVE-2018-16489

 

 
A prototype pollution vulnerability was found in just-extend <4.0.0 that allows an attacker to inject properties onto Object.prototype through its functions.

 

 


Copyright 2019, cxsecurity.com

 
