Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19589 PUBLISHED: 2019-12-05
The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives.
CVE-2019-19597 PUBLISHED: 2019-12-05
D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header.
CVE-2019-19598 PUBLISHED: 2019-12-05
D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to t...
CVE-2019-19596 PUBLISHED: 2019-12-05
GitBook through 2.6.9 allows XSS via a local .md file.
CVE-2019-19590 PUBLISHED: 2019-12-05
In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote at...