CWE:
 

Topic
Date
Author
Low
WordPress 5.1.1 Slider Revolution 4.6.5 UpdateCaptionsCSS Remote Content Injection
21.03.2019
KingSkrupellos


CVEMAP Search Results

CVE
Details
Description
2019-05-17
Medium
CVE-2019-6781

Vendor: Gitlab
Software: Gitlab
 

 
An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails.

 
2019-05-14
Low
CVE-2019-11845

Vendor: Ricoh
Software: Sp 4510dn fi...
 

 
An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.

 
Low
CVE-2019-11844

Vendor: Ricoh
Software: Sp 4520dn fi...
 

 
An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter.

 
2019-05-08
Medium
CVE-2019-11819

Vendor: Alkacon
Software: Opencms
 

 
Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name.

 
Medium
CVE-2019-11642

Updating...
 

 
A log poisoning vulnerability has been discovered in the OneShield Policy (Dragon Core) framework before 5.1.10. Authenticated remote adversaries can poison log files by entering malicious payloads in either headers or form elements. These payloads are then executed via a client side debugging console. This is predicated on the debugging console and Java Bean being made available to the deployed application.

 
2019-04-30
High
CVE-2019-3931

Vendor: Crestron
Software: Am-100 firmware
 

 
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argumention injection to the curl binary via crafted HTTP requests to return.cgi. A remote, authenticated attacker can use this vulnerability to upload files to the device and ultimately execute code as root.

 
2019-04-29
Medium
CVE-2019-11594

Updating...
 

 
In AdBlock before 3.45.0, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect.

 
Medium
CVE-2019-11593

Updating...
 

 
In Adblock Plus before 3.5.2, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect.

 
2019-04-11
Medium
CVE-2019-9056

Vendor: Cmsmadesimple
Software: Cms made simple
 

 
An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php), it is possible to reach an unserialize call with an untrusted __FEU__ cookie, and achieve authenticated object injection.

 
2019-04-09
Low
CVE-2018-20698

Vendor: Search-guard
Software: Search guard
 

 
The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set.

 

 


Copyright 2019, cxsecurity.com

 

Back to Top