NVD

CVE-2018-20772

NVD Vulnerabilities - Sun, 02/10/2019 - 21:29
Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI.
Categories: NVD

CVE-2018-20773

NVD Vulnerabilities - Sun, 02/10/2019 - 21:29
Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines.

CVE-2019-7693

NVD Vulnerabilities - Sun, 02/10/2019 - 17:29
Axios Italia Axios RE 1.7.0/7.0.0 devices have XSS via the RELogOff.aspx Error_Parameters parameter. In some situations, the XSS would be on the family.axioscloud.it cloud service; however, the vendor also supports "Sissi in Rete (con server)" for offline operation.

CVE-2019-7697

NVD Vulnerabilities - Sun, 02/10/2019 - 17:29
An issue was discovered in Bento4 v1.5.1-627. There is an assertion failure in AP4_AtomListWriter::Action in Core/Ap4Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42hls.

CVE-2019-7698

NVD Vulnerabilities - Sun, 02/10/2019 - 17:29
An issue was discovered in AP4_Array<AP4_CttsTableEntry>::EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls, a related issue to CVE-2018-20095.

CVE-2019-7699

NVD Vulnerabilities - Sun, 02/10/2019 - 17:29
A heap-based buffer over-read occurs in AP4_BitStream::WriteBytes in Codecs/Ap4BitStream.cpp in Bento4 v1.5.1-627. Remote attackers could leverage this vulnerability to cause an exception via crafted mp4 input, which leads to a denial of service.

CVE-2019-7700

NVD Vulnerabilities - Sun, 02/10/2019 - 17:29
A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-merge.

CVE-2019-7701

NVD Vulnerabilities - Sun, 02/10/2019 - 17:29
A heap-based buffer over-read was discovered in wasm::SExpressionParser::skipWhitespace() in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm2js.

CVE-2019-7702

NVD Vulnerabilities - Sun, 02/10/2019 - 17:29
A NULL pointer dereference was discovered in wasm::SExpressionWasmBuilder::parseExpression in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.

CVE-2019-7703

NVD Vulnerabilities - Sun, 02/10/2019 - 17:29
In Binaryen 1.38.22, there is a use-after-free problem in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service via a wasm file, as demonstrated by wasm-merge.

CVE-2019-7704

NVD Vulnerabilities - Sun, 02/10/2019 - 17:29
wasm::WasmBinaryBuilder::readUserSection in wasm-binary.cpp in Binaryen 1.38.22 triggers an attempt at excessive memory allocation, as demonstrated by wasm-merge and wasm-opt.

CVE-2018-20767

NVD Vulnerabilities - Sun, 02/10/2019 - 12:29
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is authenticated remote command execution.

CVE-2018-20768

NVD Vulnerabilities - Sun, 02/10/2019 - 12:29
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file.

CVE-2018-20769

NVD Vulnerabilities - Sun, 02/10/2019 - 12:29
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is a Local File Inclusion vulnerability.

CVE-2018-20770

NVD Vulnerabilities - Sun, 02/10/2019 - 12:29
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is Blind SQL Injection.

CVE-2018-20771

NVD Vulnerabilities - Sun, 02/10/2019 - 12:29
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is unauthenticated Remote Command Execution.

CVE-2019-7692

NVD Vulnerabilities - Sun, 02/10/2019 - 11:29
install/install.php in CIM 0.9.3 allows remote attackers to execute arbitrary PHP code via a crafted prefix value because of configuration file mishandling in the N=83 case, as demonstrated by a call to the PHP fputs function that creates a .php file in the public folder.

CVE-2018-13792

NVD Vulnerabilities - Sat, 02/09/2019 - 21:29
Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter.

CVE-2009-5154

NVD Vulnerabilities - Sat, 02/09/2019 - 17:29
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account.

CVE-2019-7673

NVD Vulnerabilities - Sat, 02/09/2019 - 17:29
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. Administrator Credentials are stored in the 13-character DES hash format.