Common Vulnerabilities and Exposures

Słabe szyfrowanie haseł w IBM i Access Client Solutions umożliwia atakującym odszyfrowanie przechowywanych haseł i umożliwia dostęp do podłączonych systemów

Cross-site scripting in Spipu HTML2PDF example files allows script execution via crafted input

Denial of service in F5 BIG-IQ iControl SOAP daemon - attackers with guest privileges can crash the service

Reflected cross-site scripting in F5 BIG-IP Configuration utility allows script execution via crafted requests

Path traversal in elFinder PHP LocalVolumeDriver connector allows reading/writing files outside webroot

Windows Kernel elevation of privilege allows local attackers to escalate from user to SYSTEM level access (CVSS 7.8)

Stored cross-site scripting in IBM Cognos Analytics via malicious SVG files in Custom Visualizations

Unauthenticated path traversal in Hummingbird WordPress plugin allows reading arbitrary files from the server

SQL injection in Sparx Systems Enterprise Architect allows attackers to execute arbitrary SQL queries

DLL hijacking in IBM i Access Client Solutions on Windows allows local code execution via malicious DLLs

URL spoofing in OwnCloud password reset emails allows phishing attacks via manipulated reset links

Cross-site scripting in blog-post creation functionality in Amasty Blog Pro for Magento 2

Cross-site scripting in preview functionality in Amasty Blog Pro for Magento 2

Stored cross-site scripting in IBM InfoSphere Information Server allows persistent malicious scripts

Stored cross-site scripting in blog-post creation in Amasty Blog Pro for Magento 2 allows persistent script injection