CVE-2020-11441

by JeremyUncategorizedPosted on Comments are Disabled

phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page.

CVE-2020-11441

by JeremyUncategorizedPosted on Comments are Disabled

phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page.

CVE-2020-6008

by JeremyUncategorizedPosted on Comments are Disabled

LifterLMS WordPress plugin version below 3.37.15 is vulnerable to arbitrary file write leading to remote code execution

CVE-2020-11414

by JeremyUncategorizedPosted on Comments are Disabled

An issue was discovered in Progress Telerik UI for Silverlight before 2020.1.330. The RadUploadHandler class in RadUpload for Silverlight expects a web request that provides the file location of the uploading file along with a few other parameters. The uploading file location should be inside the directory where the upload handler class is defined. Before …

Read more “CVE-2020-11414”

CVE-2020-11414

by JeremyUncategorizedPosted on Comments are Disabled

An issue was discovered in Progress Telerik UI for Silverlight before 2020.1.330. The RadUploadHandler class in RadUpload for Silverlight expects a web request that provides the file location of the uploading file along with a few other parameters. The uploading file location should be inside the directory where the upload handler class is defined. Before …

Read more “CVE-2020-11414”

CVE-2020-11112

by JeremyUncategorizedPosted on Comments are Disabled

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).

CVE-2020-11112

by JeremyUncategorizedPosted on Comments are Disabled

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).

CVE-2020-11112

by JeremyUncategorizedPosted on Comments are Disabled

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).

CVE-2020-11112

by JeremyUncategorizedPosted on Comments are Disabled

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).

CVE-2020-11106

by JeremyUncategorizedPosted on Comments are Disabled

An issue was discovered in Responsive Filemanager through 9.14.0. In the dialog.php page, the session variable $_SESSION[‘RF’][“view_type”] wasn’t sanitized if it was already set. This made stored XSS possible if one opens ajax_calls.php and uses the “view” action and places a payload in the type parameter, and then returns to the dialog.php page. This occurs …

Read more “CVE-2020-11106”