Tuesday, November 5, 2019

Weekly Update: a new vulnerability is published on the National Vulnerability Database (48 items)


New vulnerabilities from the NVD: CVE-2015-9499 (showbiz_pro)

The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive.
Published at: October 23, 2019 at 12:15AM

October 28, 2019 at 05:48PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-4245

pootle 2.0.5-0.2 has XSS via 'match_names' parameter
Published at: October 28, 2019 at 05:15PM

October 28, 2019 at 07:48PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-4241

Tiki Wiki CMS Groupware 5.2 has CSRF
Published at: October 28, 2019 at 05:15PM

October 28, 2019 at 07:48PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-4240

Tiki Wiki CMS Groupware 5.2 has XSS
Published at: October 28, 2019 at 05:15PM

October 28, 2019 at 07:48PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-4239

Tiki Wiki CMS Groupware 5.2 has Local File Inclusion
Published at: October 28, 2019 at 05:15PM

October 28, 2019 at 07:48PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-3293

mailscanner can allow local users to prevent virus signatures from being updated
Published at: October 28, 2019 at 05:15PM

October 28, 2019 at 07:48PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2009-4900

pixelpost 1.7.1-5 has XSS
Published at: October 28, 2019 at 05:15PM

October 28, 2019 at 07:48PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2009-4899

pixelpost 1.7.1-5 has SQL injection
Published at: October 28, 2019 at 05:15PM

October 28, 2019 at 07:48PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2005-2349

Zoo 2.10-27 has Directory traversal
Published at: October 28, 2019 at 04:15PM

October 28, 2019 at 07:48PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2002-2444

Snoopy 2.0.0-1 has a security hole in exec cURL
Published at: October 28, 2019 at 04:15PM

October 28, 2019 at 07:48PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-5577

Python keyring lib before 0.10 created keyring files with world-readable permissions.
Published at: October 28, 2019 at 07:15PM

October 28, 2019 at 09:48PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9506 (amazon_s3, easy_digital_downloads)

The Easy Digital Downloads (EDD) Amazon S3 extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published at: October 23, 2019 at 08:15PM

October 29, 2019 at 05:48PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-2945

Hadoop 1.0.3 contains a symlink vulnerability.
Published at: October 29, 2019 at 09:15PM

October 29, 2019 at 11:57PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-1187

Bitlbee does not drop extra group privileges correctly in unix.c
Published at: October 29, 2019 at 09:15PM

October 29, 2019 at 11:57PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-0046

mediawiki allows deleted text to be exposed
Published at: October 29, 2019 at 09:15PM

October 29, 2019 at 11:57PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-4931

gpw generates shorter passwords than required
Published at: October 29, 2019 at 09:15PM

October 29, 2019 at 11:57PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-2538

Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands.
Published at: October 29, 2019 at 09:15PM

October 29, 2019 at 11:57PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-0428

Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments.
Published at: October 29, 2019 at 09:15PM

October 29, 2019 at 11:57PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-4237

Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack.
Published at: October 29, 2019 at 09:15PM

October 29, 2019 at 11:57PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-3375

qtparted has insecure library loading which may allow arbitrary code execution
Published at: October 29, 2019 at 09:15PM

October 29, 2019 at 11:57PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-3373

paxtest handles temporary files insecurely
Published at: October 29, 2019 at 09:15PM

October 29, 2019 at 11:57PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2009-3887

ytnef has directory traversal
Published at: October 29, 2019 at 09:15PM

October 29, 2019 at 11:57PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2009-3723

asterisk allows calls on prohibited networks
Published at: October 29, 2019 at 09:15PM

October 29, 2019 at 11:57PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-0694

SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.
Published at: October 29, 2019 at 11:15PM

October 30, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-1408

ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks.
Published at: October 29, 2019 at 10:15PM

October 30, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-1678

Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing.
Published at: October 29, 2019 at 11:15PM

October 30, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-2064

rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr.
Published at: October 30, 2019 at 12:15AM

October 30, 2019 at 03:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-2061

rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started.
Published at: October 30, 2019 at 12:15AM

October 30, 2019 at 03:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-2186

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Published at: October 30, 2019 at 06:15PM

October 30, 2019 at 09:57PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-1391

Authentication bypass vulnerability in the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration.
Published at: October 30, 2019 at 11:15PM

October 31, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-0207

In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers.
Published at: October 30, 2019 at 11:15PM

October 31, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-0206

xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects.
Published at: October 30, 2019 at 11:15PM

October 31, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-1673

A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment.
Published at: October 31, 2019 at 01:15AM

October 31, 2019 at 03:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-0749

Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame.
Published at: October 31, 2019 at 01:15AM

October 31, 2019 at 03:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-0748

Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.
Published at: October 31, 2019 at 01:15AM

October 31, 2019 at 03:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-0747

drbd8 allows local users to bypass intended restrictions for certain actions via netlink packets, similar to CVE-2009-3725.
Published at: October 31, 2019 at 01:15AM

October 31, 2019 at 03:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-0737

The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user.
Published at: October 31, 2019 at 01:15AM

October 31, 2019 at 03:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-0398

The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack.
Published at: October 31, 2019 at 12:15AM

October 31, 2019 at 03:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-2490

Mumble: murmur-server has DoS due to malformed client query
Published at: October 31, 2019 at 06:15PM

October 31, 2019 at 09:57PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2009-5043

burn allows file names to escape via mishandled quotation marks
Published at: October 31, 2019 at 06:15PM

October 31, 2019 at 09:57PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2009-5042

python-docutils allows insecure usage of temporary files
Published at: October 31, 2019 at 06:15PM

October 31, 2019 at 09:57PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2009-5041

overkill has buffer overflow via long player names that can corrupt data on the server machine
Published at: October 31, 2019 at 06:15PM

October 31, 2019 at 09:57PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-2783

IcedTea6 before 1.7.4 allows unsigned apps to read and write arbitrary files, related to Extended JNLP Services.
Published at: October 31, 2019 at 11:15PM

November 01, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-2548

IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files.
Published at: October 31, 2019 at 11:15PM

November 01, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2005-3056

TWiki allows arbitrary shell command execution via the Include function
Published at: November 01, 2019 at 03:15PM

November 01, 2019 at 05:57PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2005-2351

Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files.
Published at: November 01, 2019 at 09:15PM

November 01, 2019 at 10:43PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2005-2350

Cross-site scripting (XSS) vulnerability in websieve v0.62 allows remote attackers to inject arbitrary web script or HTML code in the web user interface.
Published at: November 01, 2019 at 08:15PM

November 01, 2019 at 10:43PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2005-2352

A race condition in temp files was found in gs-gpl before 8.56 addons scripts.
Published at: November 01, 2019 at 11:15PM

November 02, 2019 at 12:31AM

via National Vulnerability Database

