Vuldb Updates

A vulnerability was found in Photodex ProShow Producer 9.0.3797 and classified as problematic. The affected element is an unknown function of the component ScsiAccess Service. The manipulation results in unquoted search path. This vulnerability is known as CVE-2019-25274. Attacking locally is a requirement. Furthermore, an exploit is available.

A vulnerability was found in FileHorse BartVPN 1.2.2. It has been classified as problematic. The impacted element is an unknown function. This manipulation causes unquoted search path. This vulnerability is handled as CVE-2019-25275. It is possible to launch the attack on the local host. Additionally, an exploit exists.

A vulnerability, which was classified as problematic, was found in TexasSoft CyberPlanet 6.4.131. This issue affects some unknown processing of the file C:\Program Files (x86)\Tenaxsoft\CyberPlanet\SrvProxy.exe of the component CCSrvProxy Service. Executing a manipulation can lead to unquoted search path. This vulnerability appears as CVE-2019-25272. The attack requires local access. In addition, an exploit is available.

A vulnerability labeled as problematic has been found in Netgate Amiti Antivirus 25.0.640. This impacts an unknown function of the component Windows Service. Executing a manipulation can lead to unquoted search path. This vulnerability is tracked as CVE-2019-25269. The attack is restricted to local execution. Moreover, an exploit is present.

A vulnerability, which was classified as problematic, has been found in NETGATE Data Backup 3.0.620. This vulnerability affects unknown code of the component NGDatBckpSrv Windows Service. Performing a manipulation results in unquoted search path. This vulnerability is reported as CVE-2019-25271. The attack requires a local approach. Moreover, an exploit is present.

A vulnerability classified as problematic was found in Wftpserver Wing FTP Server 6.0.7. This affects an unknown part. Such manipulation leads to unquoted search path. This vulnerability is documented as CVE-2019-25267. The attack needs to be performed locally. Additionally, an exploit exists.

A vulnerability has been found in Openeclass GUnet OpenEclass 1.7.3 and classified as critical. This vulnerability affects unknown code. The manipulation of the argument unvalidated leads to sql injection. This vulnerability is traded as CVE-2020-37112. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component visualize_data. Such manipulation of the argument vegalite_specification leads to code injection. This vulnerability is listed as CVE-2026-1977. The attack may be performed from remote. In addition, an exploit is available. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability, which was classified as problematic, has been found in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request. This vulnerability is cataloged as CVE-2026-1978. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. You should change the configuration settings.

A vulnerability labeled as critical has been found in thejshen contentManagementSystem 1.04. This vulnerability affects unknown code of the component GET Parameter Handler. Such manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2019-25303. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in Acer Launch Manager 6.1.7600.16385. It has been rated as problematic. This vulnerability affects unknown code of the file C:\Program Files (x86)\Launch Manager\dsiwmis.exe. This manipulation causes unquoted search path. This vulnerability appears as CVE-2019-25302. The attack requires local access. In addition, an exploit is available.

A vulnerability categorized as problematic has been discovered in Alps HID Monitor Service 8.1.0.10. This issue affects some unknown processing of the file C:\Program Files\Apoint2K\HidMonitorSvc.exe. Such manipulation leads to unquoted search path. This vulnerability is traded as CVE-2019-25292. An attack has to be approached locally. Furthermore, there is an exploit available.

A vulnerability identified as problematic has been detected in Issivs Intelligent Security System SecurOS Enterprise 10.0.18362. Impacted is an unknown function of the file C:\Program Files (x86)\ISS\SecurOS\. Performing a manipulation results in unquoted search path. This vulnerability is known as CVE-2019-25304. Attacking locally is a requirement. Furthermore, an exploit is available.

A vulnerability categorized as problematic has been discovered in thrsrossi Millhouse Project 1.414. The affected element is an unknown function of the file add_comment_sql.php. Such manipulation of the argument content leads to cross site scripting. This vulnerability is uniquely identified as CVE-2019-25301. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in rimbalinux AhadPOS 1.11. It has been declared as critical. The impacted element is an unknown function of the component POST Handler. Such manipulation of the argument alamatCustomer leads to sql injection. This vulnerability is traded as CVE-2019-25299. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in thejshen Globitek CMS 1.4. It has been declared as critical. This affects an unknown part of the component GET Parameter Handler. The manipulation of the argument ID results in sql injection. This vulnerability is reported as CVE-2019-25300. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability marked as critical has been reported in AllHandsMarketing PhpIX 2012 Professional. This affects an unknown function of the file product_detail.php. The manipulation of the argument ID leads to sql injection. This vulnerability is listed as CVE-2020-37108. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability described as critical has been identified in redmine PMB 5.6. This impacts an unknown function of the file /admin/sauvegarde/download.php of the component Requests Handler. The manipulation of the argument logid results in sql injection. This vulnerability is cataloged as CVE-2020-37105. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Davidvg 60CycleCMS 2.5.2. Affected is an unknown function in the library common/lib.php of the file news.php of the component Query Parameter Handler. This manipulation causes sql injection. This vulnerability is registered as CVE-2020-37110. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in Portabilis i-Educar up to 2.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such manipulation of the argument File leads to cross site scripting. This vulnerability is referenced as CVE-2026-2064. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.