AppSec News from the Web
- Gartner highlights shortcomings in application security at the Gartner Security and Risk Management Summit.
- Huawei products riddled with backdoors, zero days and critical vulnerabilities.
- 1 in 10 OSS components downloaded in 2018 had a known vulnerability.
Waratek Blogs & Alerts
- Can Containerization be the Solution to Legacy Java Security Risk?
Customer CVE Alert for Week of June 24th, 2019
Below is a list of CVEs announced last week that are protected by the Waratek ARMR Platform.
This list does not cover all of the CVEs issued; it includes only application vulnerabilities. Customers with questions should contact their account manager or support@waratek.com. For more information on any of the CVEs below, please visit the MITRE CVE site.
Notes:
Dates are dd/mm.
NVD Disclaimer: The date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
| CVE | CWE | Vuln Type | Update Date | CVSS Score | Remotely Exploitable | Detail |
|---|---|---|---|---|---|---|
| CVE-2018-17374 | 89 | Sql | 20/06/2019 | 7.5 | Remote | SQL Injection exists in the Auction Factory 4.5.5 component for Joomla! via the filter_order_Dir or filter_order parameter. |
| CVE-2018-17381 | 89 | Sql | 20/06/2019 | 7.5 | Remote | SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filter_order_Dir or filter_order parameter. |
| CVE-2018-17386 | 89 | Sql | 21/06/2019 | 7.5 | Remote | SQL Injection exists in the Micro Deal Factory 2.4.0 component for Joomla! via the id parameter. |
| CVE-2018-17388 | 89 | Sql | 20/06/2019 | 7.5 | Remote | SQL Injection exists in Twilio WEB To Fax Machine System 1.0 via the email or password parameter to login_check.php. |
| CVE-2018-17393 | 89 | Sql | 20/06/2019 | 7.5 | Remote | SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/Patient/patientdetails.php. |
| CVE-2018-17398 | 89 | Sql | 20/06/2019 | 7.5 | Remote | SQL Injection exists in the AMGallery 1.2.3 component for Joomla! via the filter_category_id parameter. |
| CVE-2018-17399 | 89 | Sql | 20/06/2019 | 7.5 | Remote | SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via the id parameter. |
| CVE-2018-17840 | 89 | Sql | 20/06/2019 | 7.5 | Remote | SQL injection exists in Scriptzee Education Website 1.0 via the college_list.html subject. |
| CVE-2018-17841 | 89 | Sql | 20/06/2019 | 7.5 | Remote | SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the site-search sortBy or sortDir parameter. |
| CVE-2018-17842 | 89 | Sql | 20/06/2019 | 7.5 | Remote | SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels h_room_type parameter. |
| CVE-2018-18757 | 89 | Sql | 20/06/2019 | 7.5 | Remote | Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection. |
| CVE-2018-18758 | 89 | Sql | 20/06/2019 | 7.5 | Remote | Open Faculty Evaluation System 7 for PHP 7 allows submit_feedback.php SQL Injection. |
| CVE-2019-12939 | 89 | Sql | 26/06/2019 | 7.5 | Remote | LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter. |
| CVE-2019-12960 | 89 | Sql | 25/06/2019 | 7.5 | Remote | LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d. |
| CVE-2019-2729 | 284 | | 21/06/2019 | 7.5 | Remote | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 |
| CVE-2018-17387 | 352 | CSRF | 21/06/2019 | 6.8 | Remote | CSRF exists in Nimble Messaging Bulk SMS Marketing Application 1.0 for adding an admin account. |
| CVE-2018-17389 | 352 | CSRF | 20/06/2019 | 6.8 | Remote | CSRF exists in server.php in Live Call Support Application 1.5 for adding an admin account. |
| CVE-2019-10719 | 22 | Exec Code Dir. Trav. | 23/06/2019 | 6.5 | Remote | BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled. |
| CVE-2019-10720 | 22 | Exec Code Dir. Trav. | 23/06/2019 | 6.5 | Remote | BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714. |
| CVE-2019-10072 | 400 | | 25/06/2019 | 5 | Remote | The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40. By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block, eventually leading to thread exhaustion and a DoS. |
| CVE-2019-10718 | 611 | | 23/06/2019 | 5 | Remote | BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection. |
| CVE-2019-11392 | 611 | | 23/06/2019 | 5 | Remote | BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd. |
| CVE-2019-12346 | 79 | XSS | 26/06/2019 | 4.3 | Remote | In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress |
| CVE-2019-12384 | 502 | Exec Code | 26/06/2019 | 4.3 | Remote | FasterXML jackson-databind 2.x before 2.9.9 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content |
| CVE-2019-12814 | 200 | Unknown | 23/06/2019 | 4.3 | Remote | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath |
| CVE-2019-12935 | 79 | XSS | 25/06/2019 | 4.3 | Remote | Shopware before 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI. |
| CVE-2019-12962 | 79 | XSS | 25/06/2019 | 4.3 | Remote | LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header. |
| CVE-2019-12963 | 79 | XSS | 25/06/2019 | 4.3 | Remote | LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action. |
| CVE-2019-12964 | 79 | XSS | 25/06/2019 | 4.3 | Remote | LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject. |
| CVE-2019-4157 | 79 | XSS | 26/06/2019 | 4.3 | Remote | IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573. |
| CVE-2017-15694 | 88 | | 24/06/2019 | 4 | Remote | When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode |
| CVE-2018-16251 | 89 | Sql | 21/06/2019 | 4 | Remote | A "search for user discovery" injection issue exists in Creatiwity wityCMS 0.6.2 via the "Utilisateur" menu. No input parameters are filtered |
| CVE-2019-4384 | 22 | Dir. Trav. | 20/06/2019 | 4 | Remote | IBM Campaign 9.1.2 and 10.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162172. |
| CVE-2018-16247 | 79 | XSS | 20/06/2019 | 3.5 | Remote | YzmCMS 5.1 has XSS via the admin/system_manage/user_config_add.html title parameter. |
| CVE-2018-16250 | 79 | XSS | 21/06/2019 | 3.5 | Remote | The "utilisateur" menu in Creatiwity wityCMS 0.6.2 modifies the presence of XSS at two input points for user information |
| CVE-2019-12745 | 79 | XSS | 24/06/2019 | 3.5 | Remote | out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name field. |
| CVE-2019-4303 | 79 | XSS | 19/06/2019 | 3.5 | Remote | IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949. |