Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2018-15811: Releases · dnnsoftware/Dnn.Platform

DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.

CVE
#sql#web#ios#windows#google#microsoft#nodejs#js#git#perl#auth#ssl
CVE-2019-4298: IBM Robotic Process Automation privilege escalation CVE-2019-4298 Vulnerability Report

IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which could allow a local user to perform actions they should not have privileges to execute. IBM X-Force ID: 160764.

CVE-2019-11822: Synology_SA_19_01 | Synology Inc.

Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter.

CVE-2019-5827

Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2019-4241: Security Bulletin: Multiple vulnerabilities affect IBM PureApplication System

IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467.

CVE-2019-4153: Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Access Manager Appliance

IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158517.

CVE-2019-12181: Serv-U File Server 15.1.7 Release Notes

A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.

CVE-2018-20469: CVE-2018-20469 - Sahi pro (

An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions.

CVE-2018-4048: TALOS-2018-0722 || Cisco Talos Intelligence Group

An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute arbitrary code with SYSTEM privileges.

CVE-2019-12239: WP Booking System – Booking Calendar

The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access.