New Professional Development Institute Aims to Combat Cybersecurity Skills Shortage

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2019-8360
PUBLISHED: 2019-02-16

Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php cate parameter.

CVE-2019-8361
PUBLISHED: 2019-02-16

PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection.

CVE-2019-8362
PUBLISHED: 2019-02-16

DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as "1.jpg.php" (because input validation only checks that .jpg, .png, o…

CVE-2019-8363
PUBLISHED: 2019-02-16

Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value.

CVE-2019-8358
PUBLISHED: 2019-02-16

In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled.
