by Alyssa Portillo | Jan 29, 2020 | CVE Notifications
Dokeos 2.1.1 has multiple XSS issues involving “extra_” parameters in main/auth/profile.php.
by Alyssa Portillo | Jan 29, 2020 | CVE Notifications
contao prior to 2.11.4 has a sql injection vulnerability
by Alyssa Portillo | Jan 29, 2020 | CVE Notifications
Havalite CMS 1.1.7 has a stored XSS vulnerability
by Alyssa Portillo | Jan 29, 2020 | CVE Notifications
flaskparser.py in Webargs 5.x through 5.5.2 doesn’t check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows...
by Alyssa Portillo | Jan 29, 2020 | CVE Notifications
A privilege escalation vulnerability in Wowza Streaming Engine 4.7.7 and 4.7.8 allows any unprivileged Linux user to escalate privileges to root. The installer sets too relaxed permissions on /usr/local/WowzaStreamingEngine/bin/* core program files. By injecting a...
