Cybercriminal’s Black Market Pricing Guide

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2019-16395
PUBLISHED: 2019-09-17

GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() function in cobc/tree.c via crafted COBOL source code.

CVE-2019-16396
PUBLISHED: 2019-09-17

GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() function in cobc/parser.y via crafted COBOL source code.

CVE-2019-16199
PUBLISHED: 2019-09-17

eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related to the ReGa core process.

CVE-2019-16391
PUBLISHED: 2019-09-17

SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.

CVE-2019-16392
PUBLISHED: 2019-09-17

SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.
