A vulnerability classified as problematic was found in Lansweeper up to 6.0.0. Affected by this vulnerability is some unknown functionality of the component Image Retrieval URI Handler. Upgrading to version 18.104.22.168 eliminates this vulnerability.
Intelbras Router WRN150 1.0.18 – Persistent Cross-Site Scripting
In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files.
A vulnerability, which was classified as critical, has been found in e107 CMS 2.1.1 (Content Management System). Affected by this issue is the function menuSaveVisibility of the file e107_admin/menus.php. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.
In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place.
A vulnerability, which was classified as critical, was found in VirtueMart com_virtuemart Component 3.0.14 on Joomla (Joomla Component). This affects unknown code in the file administrator/index.php. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.
The GREE+ (aka com.gree.greeplus) application 22.214.171.124 for Android suffers from Cross Site Request Forgery.
A vulnerability has been found in Hitachi Device Manager up to 8.5.2 and classified as critical. This vulnerability affects an unknown code block of the component RMI Port Handler. Upgrading to version 8.5.2-01 eliminates this vulnerability.
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2017.011.30113 and earlier, and 2015.006.30464 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation.
A vulnerability was found in Hitachi Device Manager and Replication Manager up to 8.5.2 and classified as problematic. This issue affects some unknown processing. Upgrading eliminates this vulnerability.
In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted between storing it in fsimage and reading it back from fsimage.
send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an e-mail address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.
A vulnerability was found in Hitachi Device Manager and Tuning Manager up to 8.5.2. It has been classified as critical. Affected is an unknown function. Upgrading eliminates this vulnerability.
The ThemeMakers SmartIT Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
A vulnerability classified as problematic has been found in Bram Korsten Note up to 1.2.0. Affected is an unknown functionality of the file note-sourceuieditor.php. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.