Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2019-5109: TALOS-2019-0902 || Cisco Talos Intelligence Group

Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.

CVE
Open in Source
#sql#vulnerability#web#windows#cisco#intel#php#auth#firefox
CVE-2019-5110: TALOS-2019-0903 || Cisco Talos Intelligence Group

Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.

CVE-2019-14895: security - Linux kernel: heap overflow in the marvell wifi driver

A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.

CVE-2019-19306: ZOHO CRM Lead Magnet version 1.6.9.1 · Issue #16 · cybersecurityworks/Disclosed

The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or LayoutName.

CVE-2019-19246: Heap buffer overflow in mb_eregi

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.

CVE-2013-2093: CVE-2013-2093

Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands.

CVE-2013-2091: oss-security - Re: Re: CVE Request: Dolibarr

SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php.

CVE-2019-18854: Changeset 2185438 – WordPress Plugin Repository

A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring.

CVE-2019-5114: TALOS-2019-0906 || Cisco Talos Intelligence Group

An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and,in certain configuration, access the underlying operating system.

CVE-2019-5121: TALOS-2019-0911 || Cisco Talos Intelligence Group

SQL injection vulnerabilities exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter uuid in /objects/pluginSwitch.json.php