Vulnerabilities

CVE-2014-9699


Vulnerabilities – Secur3.us MakerBot Desktop Release Notes | MakerBot Desktop (Software) | MakerBot Support
The MakerBot Replicator 5G printer runs an Apache HTTP Server with directory indexing enabled. Apache logs, system logs, design files (i.e., a history of print files), and more are exposed to unauthenticated attackers through this HTTP server.

CVE-2017-17945


http://firstsight.me/2017/12/lack-of-binary-protection-at-asus-vivo-baby-and-hivivo-for-android-that-could-result-of-several-security-issues
The ASUS HiVivo application before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation.

CVE-2018-20843


https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226 libexpat/Changes at R_2_2_7 · libexpat/libexpat · GitHub [CVE-2018-20843] 88k xml file uses >2G memory · Issue #186 · libexpat/libexpat · GitHub xmlparse.c: Fix extraction of namespace prefix from XML name (#186) by hartwork · Pull Request #262 · libexpat/libexpat · GitHub
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

CVE-2019-10271


https://cxsecurity.com/issue/WLB-2019060120
An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. Once logged in, it is possible to modify the profile and cover picture of any user, including privileged users. To perform such a modification, one first needs to (for example) intercept an upload-picture request and modify the user_id parameter.

CVE-2019-10689


https://support.polycom.com/content/dam/polycom-support/global/documentation/insufficient-authentication-leakage-vvx-products.pdf
VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provide insufficient authentication between the BToE application and the BToE component, resulting in leakage of sensitive information.

CVE-2019-11647


NetIQ Self Service Password Reset 4.4 Patch Update 2 Release Notes
A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack.

CVE-2019-11648


NetIQ Self Service Password Reset 4.4 Patch Update 2 Release Notes
An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions prior to version 4.4. The vulnerability could be exploited to expose sensitive information.

CVE-2019-12292


https://support.citrix.com/article/CTX253828
Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control.

CVE-2019-12323


[HYP3RLINX] https://help.hostingcontroller.com/OnlineHelp/default.aspx?pageid=hc_release_notes
The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS.

CVE-2019-12346


CVE-2019-12346 – miniOrange SAML SP Single Sign On WordPress Plugin XSS – ZeroAuth
In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post.

CVE-2019-12384


Doyensec :: Build with Security Comparing 74b90a4...a977aad · FasterXML/jackson-databind · GitHub [SECURITY] [DLA 1831-1] jackson-databind security update
FasterXML jackson-databind 2.x before 2.9.9 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.

CVE-2019-12869


PHOENIX CONTACT Multiple Vulnerabilities in Automation Worx Software Suite — English (USA) ZDI-19-579 | Zero Day Initiative
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.

CVE-2019-12870


PHOENIX CONTACT Multiple Vulnerabilities in Automation Worx Software Suite — English (USA) ZDI-19-575 | Zero Day Initiative
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.

CVE-2019-12871


PHOENIX CONTACT Multiple Vulnerabilities in Automation Worx Software Suite — English (USA) ZDI-19-578 | Zero Day Initiative
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.

CVE-2019-12880


Quarking Password Manager - Chrome Web Store
BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking vulnerability caused by allowing * within web_accessible_resources. An attacker can take advantage of this vulnerability and cause significant harm.

CVE-2019-12928


[CVE-2019-12928] QEMU Machine Protocol Migrate Command Execution | Fakhri Zulkifli
The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server.

CVE-2019-12929


[CVE-2019-12929] QEMU Guest Agent guest_exec Command Execution | Fakhri Zulkifli
The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server.

CVE-2019-12938


https://bitbucket.org/analogic/mailserver/issues/665/posteio-logs-leak https://poste.io/changelog
The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via the webmail/logs/sendmail URI.

CVE-2019-12939


[FG-VD-19-082] LiveZilla Server is vulnerable to SQL Injection - LiveZilla Community Forums
LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter.

CVE-2019-12940


[FG-VD-19-084] LiveZilla Server is vulnerable to Denial Of Service - LiveZilla Community Forums
LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (memory consumption) in knowledgebase.php via a large integer value of the depth parameter.

CVE-2019-12951


Fix heap-based overflow in parse_mqtt · cesanta/mongoose@b3e0f78 · GitHub Release Mongoose 6.15 · cesanta/mongoose · GitHub
An issue was discovered in Mongoose before 6.15. The parse_mqtt() function in mg_mqtt.c has a critical heap-based buffer overflow.

CVE-2019-12957


read___global-buffer-overflow in FoFiType1C::convertToType1 - forum.xpdfreader.com
In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.

CVE-2019-12958


read___heap-buffer-overflow in FoFiType1C::convertToType0 - forum.xpdfreader.com
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated.

CVE-2019-7229


DarkMatter - Smart and Safe Digital | ABB HMI Absence of Signature Verification
The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via ABB Panel Builder 600 over FTP." Neither of these transmission methods implements any form of encryption or authenticity checks against the new firmware HMI software binary files.

CVE-2019-7230


DarkMatter - Smart and Safe Digital
The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.

CVE-2019-7231


DarkMatter - Smart and Safe Digital
The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker. This overflow is handled, but terminates the process. An authenticated attacker can send a FTP command string of 472 bytes or more to overflow a buffer, causing an exception that terminates the server.

CVE-2019-7232


DarkMatter - Smart and Safe Digital
The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler (SEH) address. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to overflow the buffer and overwrite the SEH address, which can then be leveraged to execute attacker-controlled code on the server.

CVE-2019-9085


HotelDruid Hotel Management Software: Free Downloads https://metamorfosec.com/Files/Advisories/METS-2019-006-An_Invalid_Arguments_in_Hoteldruid_before_v2.3.1.txt
Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service (invoice-creation outage) via the n_file parameter to visualizza_contratto.php with invalid arguments (any non-numeric value), as demonstrated by the anno=2019&id_transazione=1&numero_contratto=1&n_file=a query string to visualizza_contratto.php.

CVE-2019-9957


CVE-2019-9957 – Crawl3r
Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload can then be triggered by accessing the "Set Security Levels" or "View User/Group Relationships" page. If the attacker does not currently have permission to create a new user, another vulnerability such

CVE-2019-9958


CVE-2019-9958 – Crawl3r
CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests.
