Security Vulnerabilities - CVEs Published In December 2019
class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes (based only on microtime), which allows an attacker to guess the hash and set the password within a few hours by bruteforcing.
CVSS Score
9.1
EPSS Score
0.002
Published
2019-12-30
MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly flag on session cookies, allowing the cookie to be read by script, which can potentially be used by attackers to obtain the cookie via cross-site scripting.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-12-30
MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag on session cookies, allowing the cookie to be sent in cross-site requests and potentially be used in cross-site request forgery attacks.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-12-30
log_file_viewer.php in MFScripts YetiShare 3.5.2 through 4.5.3 does not sanitize or encode the output from the lFile parameter on the page, which would allow an attacker to input HTML or execute scripts on the site, aka XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-12-30
MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure flag on session cookies, allowing the cookie to be sent over cleartext channels.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-12-30
An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_out_code at fromgif.c.
CVSS Score
8.8
EPSS Score
0.005
Published
2019-12-30
php-shellcommand versions before 1.6.1 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.011
Published
2019-12-30
CVE-2019-17558
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).
Known exploited
CVSS Score
7.5
EPSS Score
0.945
Published
2019-12-30
CVE-2019-17621
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
Known exploited
CVSS Score
9.8
EPSS Score
0.932
Published
2019-12-30
translation_manage_text.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 directly insert values from the aSortDir_0 and/or sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection.
CVSS Score
7.2
EPSS Score
0.003
Published
2019-12-30