News aggregator

Vuln: Yokogawa Vnet/IP Open Communication Driver CVE-2018-16196 Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Sat, 12/21/2019 - 00:00
Yokogawa Vnet/IP Open Communication Driver CVE-2018-16196 Denial of Service Vulnerability
Categories: Security News

Vuln: Foreman CVE-2018-14664 Multiple HTML Injection Vulnerabilities

SecurityFocus Vulnerabilities - Thu, 10/10/2019 - 00:00
Foreman CVE-2018-14664 Multiple HTML Injection Vulnerabilities
Categories: Security News

Vuln: OpenAFS CVE-2018-16949 Multiple Denial of Service Vulnerabilities

SecurityFocus Vulnerabilities - Wed, 09/11/2019 - 00:00
OpenAFS CVE-2018-16949 Multiple Denial of Service Vulnerabilities
Categories: Security News

Bugtraq: [CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2

SecurityFocus Vulnerabilities - 1 hour 1 sec ago
[CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2
Categories: Security News

CVE-2018-20165

National Vulnerability Database - Fri, 03/22/2019 - 16:29
Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI.
Categories: Security News

CVE-2019-1716

National Vulnerability Database - Fri, 03/22/2019 - 16:29
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition, or to execute arbitrary code with the privileges of the app user. Cisco fixed this vulnerability in the following SIP Software releases: 10.3(1)SR5 and later for Cisco Unified IP Conference Phone 8831; 11.0(4)SR3 and later for Cisco Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 and later for the rest of the Cisco IP Phone 7800 Series and 8800 Series.
Categories: Security News

CVE-2019-1763

National Vulnerability Database - Fri, 03/22/2019 - 16:29
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to critical services and cause a DoS condition. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. Cisco IP Conference Phone 8831 is not affected.
Categories: Security News

CVE-2019-1764

National Vulnerability Database - Fri, 03/22/2019 - 16:29
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. Cisco IP Conference Phone 8831 is not affected.
Categories: Security News

CVE-2019-1765

National Vulnerability Database - Fri, 03/22/2019 - 16:29
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level permissions. An attacker could exploit this vulnerability by uploading invalid files to an affected device. A successful exploit could allow the attacker to write files in arbitrary locations on the filesystem. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series.
Categories: Security News

CVE-2019-1766

National Vulnerability Database - Fri, 03/22/2019 - 16:29
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affected system. A successful exploit could allow the attacker to write a file that consumes most of the available disk space on the system, causing application functions to operate abnormally and leading to a DoS condition. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 12.5(1)SR1.
Categories: Security News

CVE-2019-9649

National Vulnerability Database - Fri, 03/22/2019 - 16:29
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique (..\..\) to browse outside the root directory to determine the existence of a file on the operating system, and its last modified date.
Categories: Security News

CVE-2019-4035

National Vulnerability Database - Fri, 03/22/2019 - 15:29
IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to their Edit client directly. Then Edit client will download documents from the fake ICN website. IBM X-Force ID: 156001.
Categories: Security News

CVE-2019-4052

National Vulnerability Database - Fri, 03/22/2019 - 15:29
IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users. IBM X-Force ID: 156544.
Categories: Security News

CVE-2019-9648

National Vulnerability Database - Fri, 03/22/2019 - 15:29
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information.
Categories: Security News

CVE-2019-9923

National Vulnerability Database - Fri, 03/22/2019 - 04:29
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
Categories: Security News

CVE-2019-9924

National Vulnerability Database - Fri, 03/22/2019 - 04:29
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
Categories: Security News

CVE-2019-9925 (s-cms)

National Vulnerability Database - Fri, 03/22/2019 - 04:29
S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter.
Categories: Security News

CVE-2019-9927 (caret)

National Vulnerability Database - Fri, 03/22/2019 - 04:29
Caret before 2019-02-22 allows Remote Code Execution.
Categories: Security News

CVE-2019-9936

National Vulnerability Database - Fri, 03/22/2019 - 04:29
In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.
Categories: Security News

CVE-2019-9937

National Vulnerability Database - Fri, 03/22/2019 - 04:29
In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.
Categories: Security News

Pages