Security Vulnerabilities - CVEs Published In October 2019
xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects.
CVSS Score: 5.5 | EPSS Score: 0.004 | Published: 2019-10-30
In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers.
CVSS Score: 5.5 | EPSS Score: 0.004 | Published: 2019-10-30
Authentication bypass vulnerability in the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration.
CVSS Score: 7.5 | EPSS Score: 0.866 | Published: 2019-10-30
ClipSoft REXPERT 1.0.0.527 and earlier versions have an information disclosure issue. A request for a web page associated with a session can leak the username via the session file path in the HTTP response data. No authentication is required.
CVSS Score: 5.3 | EPSS Score: 0.003 | Published: 2019-10-30
ClipSoft REXPERT 1.0.0.527 and earlier versions allow arbitrary file creation via a POST request with the parameter set to the file path to be written. This can be an executable file that is written to an arbitrary directory. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.
CVSS Score: 6.5 | EPSS Score: 0.005 | Published: 2019-10-30
ClipSoft REXPERT 1.0.0.527 and earlier versions allow arbitrary file creation and execution via the report print function of the rexpert viewer with a modified XML document. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2019-10-30
In Zucchetti InfoBusiness before and including 4.4.1, an authenticated user can inject client-side code due to improper validation of the Title field in the InfoBusiness Web Component. The payload will be triggered every time a user browses the reports page.
CVSS Score: 5.4 | EPSS Score: 0.005 | Published: 2019-10-30
Zucchetti InfoBusiness before and including 4.4.1 allows any authenticated user to upload .php files in order to achieve code execution.
CVSS Score: 8.8 | EPSS Score: 0.01 | Published: 2019-10-30
Multiple Reflected Cross-site Scripting (XSS) vulnerabilities exist in Zucchetti InfoBusiness before and including 4.4.1. The browsing component did not properly sanitize user input (encoded in base64). This also applies to the search functionality for the searchKey parameter.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-10-30
A cross-site request forgery (CSRF) vulnerability in Zucchetti InfoBusiness before and including 4.4.1 allows arbitrary file upload.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2019-10-30

