CVE Database - 2019

Unsafe usage of .NET deserialization in Named Pipe message processing allows privilege escalation to NT AUTHORITY\SYSTEM for a local attacker. Affected product is TinyWall, all versions up to and including 2.1.12. Fixed in version 2.1.13.

log_file_viewer.php in MFScripts YetiShare 3.5.2 through 4.5.3 does not sanitize or encode the output from the lFile parameter on the page, which would allow an attacker to input HTML or execute scripts on the site, aka XSS.

MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag on session cookies, allowing the cookie to be sent in cross-site requests and potentially be used in cross-site request forgery attacks.

_account_move_file_in_folder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection.

_get_all_file_server_paths.ajax.php (aka get_all_file_server_paths.ajax.php) in MFScripts YetiShare 3.5.2 through 4.5.3 does not sanitize or encode the output from the fileIds parameter on the page, which would allow an attacker to input HTML or execute scripts on the site, aka XSS.

translation_manage_text.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 directly insert values from the aSortDir_0 and/or sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection.

The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.

php-shellcommand versions before 1.6.1 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168924.

IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which could allow an attacker to transfer private information. An attacker could exploit this vulnerability to access content that should be restricted. IBM X-Force ID: 161422.

In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin user.

TVT NVMS-1000 devices allow GET /.. Directory Traversal

On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration).

On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic).

On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page.

On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration).

On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration).

On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs.

On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration).

Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the _profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040

LuquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl substring followed by a URL in square brackets.

Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded picture.

Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a POST request.

Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors.

Cross-site scripting (XSS) vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter.

Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter.

Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.

An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP file to achieve Remote Code Execution as SYSTEM.

Cross-site scripting (XSS) vulnerability in comments/videowhisper2/r_logout.php in the Video Comments Webcam Recorder plugin 1.55, as downloaded before 20140116 for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter.

Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter.

Cross-site scripting (XSS) vulnerability in tinymce/popup.php in the Ruven Toolkit plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the popup parameter.

Cross-site scripting (XSS) vulnerability in the Podcast Channels plugin 0.20 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the Filename parameter to getid3/demos/demo.write.php.

Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.

Collabtive 1.0 has incorrect access control

Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.

Cross-site scripting (XSS) vulnerability in the Conversador plugin 2.61 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the 'page' parameter.

Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream

AVTECH AVN801 DVR has a security bypass via the administration login captcha

Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials

Hikvision DS-2CD7153-E IP Camera has Privilege Escalation

Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking

ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request

Xorbin Analog Flash Clock 1.0 extension for Joomia has XSS

Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities

WordPress Xorbin Digital Flash Clock 1.0 has XSS

Sencha Labs Connect has XSS with connect.methodOverride()

SPBAS Business Automation Software 2012 has CSRF.

SPBAS Business Automation Software 2012 has XSS.

Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially impact other admins (Tenable IDs 5218 and 5269).

Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. (Tenable ID 5198).