Security News

CVE-2018-6102

National Vulnerability Database - Tue, 12/04/2018 - 12:29
Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
Categories: Security News

CVE-2018-6103

National Vulnerability Database - Tue, 12/04/2018 - 12:29
A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to bypass permission policy via a crafted HTML page.

CVE-2018-6104

National Vulnerability Database - Tue, 12/04/2018 - 12:29
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVE-2018-6105

National Vulnerability Database - Tue, 12/04/2018 - 12:29
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVE-2018-6107

National Vulnerability Database - Tue, 12/04/2018 - 12:29
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVE-2018-6108

National Vulnerability Database - Tue, 12/04/2018 - 12:29
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page.

CVE-2018-6115

National Vulnerability Database - Tue, 12/04/2018 - 12:29
Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page.

CVE-2018-6116

National Vulnerability Database - Tue, 12/04/2018 - 12:29
A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

CVE-2018-11347

National Vulnerability Database - Tue, 12/04/2018 - 12:29
The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP response header injection flaw. This flaw allows an attacker to inject one or several HTTP headers into the response from the server. Exploitation requires user interaction: the malicious link must be sent to the user. It could be used to perform other attacks such as user redirection to a malicious website, HTTP response splitting, or HTTP cache poisoning.

CVE-2018-11348

National Vulnerability Database - Tue, 12/04/2018 - 12:29
Two XSS vulnerabilities are located in the profile editing page of the user panel of the YunoHost 2.7.2 through 2.7.14 web application. By injecting a JavaScript payload, these flaws could be used to manipulate a user's session.

CVE-2018-12305

National Vulnerability Database - Tue, 12/04/2018 - 12:29
Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript.

CVE-2018-12306

National Vulnerability Database - Tue, 12/04/2018 - 12:29
Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344.

CVE-2018-12307

National Vulnerability Database - Tue, 12/04/2018 - 12:29
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter.

CVE-2018-12308

National Vulnerability Database - Tue, 12/04/2018 - 12:29
Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter.

CVE-2018-12309

National Vulnerability Database - Tue, 12/04/2018 - 12:29
Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is covered by CVE-2018-11345.

CVE-2018-12310

National Vulnerability Database - Tue, 12/04/2018 - 12:29
Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature.

CVE-2018-12311

National Vulnerability Database - Tue, 12/04/2018 - 12:29
Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename.

CVE-2018-12312

National Vulnerability Database - Tue, 12/04/2018 - 12:29
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter.

CVE-2018-12313

National Vulnerability Database - Tue, 12/04/2018 - 12:29
OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter.

CVE-2018-12314

National Vulnerability Database - Tue, 12/04/2018 - 12:29
Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters.
