CVE-2018-19000

LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data.

Source: CVE-2018-19000

CVE-2019-7412

The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandles sanitization of input values.

Source: CVE-2019-7412

CVE-2018-19002

LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash.

Source: CVE-2018-19002

CVE-2018-19029

LCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using a specially crafted project file to supply a pointer for a controlled memory address, which may allow remote code execution, data exfiltration, or cause a system crash.

Source: CVE-2018-19029

CVE-2019-7413

In the Parallax Scroll (aka adamrob-parallax-scroll) plugin before 2.1 for WordPress, includes/adamrob-parralax-shortcode.php allows XSS via the title text. ("parallax" has a spelling change within the PHP filename.)

Source: CVE-2019-7413

CVE-2018-4056

An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator web portal. An attacker can log in via the external interface of the TURN server to trigger this vulnerability.

Source: CVE-2018-4056

CVE-2019-6591

On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system.

Source: CVE-2019-6591

CVE-2018-18990

LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process.

Source: CVE-2018-18990

CVE-2019-3818

The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker could target traffic sent over a TLS connection with a weak configuration and potentially break the encryption.

Source: CVE-2019-3818

CVE-2016-1000282

Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.

Source: CVE-2016-1000282