[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

256610

 
 

909

 
 

199263

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 254845 Download | Alert*

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-6285. Reason: This candidate is a duplicate of CVE-2019-6285. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2019-6285 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.

Shopware before 5.4.3 allows SQL Injection by remote authenticated users, aka SW-21404.

The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate privileges to admin.

The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php.

CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature.

In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges. The attacker can then inject arbitrary PHP objects into the process and abuse an object chain in order to gain Remote Code Execution. This occurs because protection against serialized objects looks for a 0: fo ...

In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference. An attacker either needs a "public link" of a file, or access to any unprivileged user account for creation of such a link.

In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter.

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none


Pages:      Start    10958    10959    10960    10961    10962    10963    10964    10965    10966    10967    10968    10969    10970    10971    ..   25484

© SecPod Technologies