Security News

Security news from:

  • CVE-2019-6779 – 24 January 2019
    Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links. (CVSS:0.0) (Last Update:2019-01-24)
  • CVE-2019-6777 – 24 January 2019
    An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter. (CVSS:4.3) (Last Update:2019-01-24)
  • CVE-2019-6780 – 24 January 2019
    The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer. (CVSS:0.0) (Last Update:2019-01-24)
  • CVE-2019-6486 – 24 January 2019
    Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recover …
  • CVE-2019-6713 – 23 January 2019
    app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into …
  • CVE-2019-6708 – 23 January 2019
    PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter. (CVSS:6.5) (Last Update:2019-01-24)
  • CVE-2019-6691 – 23 January 2019
    phpwind UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb[] parameter, related to the "--backup database" option. (CVSS:0.0) (Last Update:20 …
  • CVE-2019-6707 – 23 January 2019
    PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state product_id[] parameter. (CVSS:6.5) (Last Update:2019-01-24)
  • CVE-2019-6706 – 23 January 2019
    Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have c …
  • CVE-2019-6719 – 23 January 2019
    An issue has been found in libIEC61850 v1.3.1. There is a use-after-free in the getState function in mms/iso_server/iso_server.c, as demonstrated by examples/server_example_goose/server_example_goose. …