Security
Headlines
HeadlinesLatestCVEs

Tag

#nginx

CVE-2019-19650: Release Notes - New features

Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function.

CVE
#sql#xss#csrf#vulnerability#web#ios#android#mac#windows#apple#google#microsoft#amazon#ubuntu#linux#cisco#apache#redis#memcached#nodejs#js#git#java#oracle#kubernetes#intel#php#rce#perl#ldap#nginx#pdf#vmware#aws#log4j#oauth#auth#ssh#telnet#ibm#dell#ruby#mongo#postgres#docker#chrome#firefox#sap#ssl
CVE-2019-5029: TALOS-2019-0790 || Cisco Talos Intelligence Group

An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker can execute any command as the user running the Exhibitor process.

CVE-2019-13385: ChangeLog for CentOS 7 | Control Web Panel

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log.

CVE-2019-10869: Pentest reveals vulnerabilities in WordPress plugin Ninja Forms

Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system to access files and execute code via the includes/fields/upload.php (aka upload/submit page) name and tmp_name parameters.

CVE-2017-11164: oss-security - Re: [scr358145] pcre-8.41

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

CVE-2016-5771: PHP: PHP 5 ChangeLog

spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.

CVE-2016-3078: security - CVE-2016-3078: php: integer overflow in ZipArchive::getFrom*

Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class.