Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2019-15838: Custom 404 Pro

The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789.

CVE
#sql#xss#csrf#vulnerability#js#git#wordpress#auth
Scalable infrastructure for investigations and incident response

Traditional computer forensics and cyber investigations are as relevant in the cloud as they are in on-premise environments, but the methods in which to access and perform such investigations differ. This post will describe some of the challenges of bringing on-premises forensics techniques to the cloud and show one solution to overcome these challenges, using Azure functionality.

CVE-2018-21004

The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection.

CVE-2019-14246: CentOS-WebPanel.com Control Web Panel (CWP) 0.9.8.851 phpMyAdmin Password Change ≈ Packet Storm

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account.

CVE-2019-5041: TALOS-2019-0805 || Cisco Talos Intelligence Group

An exploitable Stack Based Buffer Overflow vulnerability exists in the EnumMetaInfo function of Aspose Aspose.Words library, version 18.11.0.0. A specially crafted doc file can cause a stack-based buffer overflow, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger this vulnerability.

CVE-2017-18539: WebLibrarian

The weblibrarian plugin before 3.4.8.6 for WordPress has XSS via front-end short codes.

CVE-2019-4483: Security Bulletin: SQL Injection Affects IBM Emptoris Spend Analysis and IBM Emptoris Contract Management (CVE-2019-4481, CVE-2019-4483)

IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067.