types Archives

Advisory

Horde Gollem 3.0.12, as used in Horde Groupware Webmail Edition 5.2.22, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality. An attacker can obtain access to a victim’s webmail account by making them visit a malicious URL.

Leggi di più

The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL.

Leggi di più

CVE-2019-9202: a Command Injection vulnerability in Nagios Incident Manager (component of Nagios XI) before 2.2.7 allows authenticated attackers to achieve remote code execution via a malicious host record.

Leggi di più

CVE-2019-9204: a SQL Injection vulnerability in Nagios Incident Manager (component of Nagios XI) before 2.2.7 allows authenticated attackers to inject additional SQL statements via the incident_id parameter.

Leggi di più

CVE-2019-9203: An Authorization Bypass vulnerability in Nagios Incident Manager (component of Nagios XI) before 2.2.7 allows unauthenticated users to bypass the authentication checks via a void token.

Leggi di più

CVE-2019-9164: a command injection vulnerability in Nagios XI before 5.5.11 allows authenticated users to execute arbitrary remote commands via a new autodiscovery job.

Leggi di più

CVE-2019-9166: a privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php.

Leggi di più

CVE-2019-9165: a SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers with a valid 'fusekey' API key to execute arbitrary SQL commands via a malicious user id.

Leggi di più

CVE-2019-9167: a cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.

Leggi di più