Security News

CVE-2018-17064

National Vulnerability Database - Sat, 09/15/2018 - 17:29
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is invoked.
Categories: Security News

CVE-2018-17065

National Vulnerability Database - Sat, 09/15/2018 - 17:29
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address.

CVE-2018-17066

National Vulnerability Database - Sat, 09/15/2018 - 17:29
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter.

CVE-2018-17067

National Vulnerability Database - Sat, 09/15/2018 - 17:29
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address.

CVE-2018-17068

National Vulnerability Database - Sat, 09/15/2018 - 17:29
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter.

CVE-2018-17061

National Vulnerability Database - Sat, 09/15/2018 - 15:29
BullGuard Safe Browsing 18.1.355 allows XSS on Google, Bing, and Yahoo! pages via domains indexed in search results.

Vuln: WebKit '-webkit-backdrop-filter CSS' Property Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Sat, 09/15/2018 - 00:00
WebKit '-webkit-backdrop-filter CSS' Property Denial of Service Vulnerability

CVE-2018-16287

National Vulnerability Database - Fri, 09/14/2018 - 17:29
LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs.

CVE-2018-16288

National Vulnerability Database - Fri, 09/14/2018 - 17:29
LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.

CVE-2018-16706

National Vulnerability Database - Fri, 09/14/2018 - 17:29
LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080.

CVE-2017-16639

National Vulnerability Database - Fri, 09/14/2018 - 17:29
Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. User interaction is required to trigger this vulnerability.

CVE-2018-10763

National Vulnerability Database - Fri, 09/14/2018 - 17:29
Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page.

CVE-2018-10814

National Vulnerability Database - Fri, 09/14/2018 - 17:29
Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials.

CVE-2018-12086

National Vulnerability Database - Fri, 09/14/2018 - 17:29
Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests.

CVE-2018-12585

National Vulnerability Database - Fri, 09/14/2018 - 17:29
An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service.

CVE-2018-16242

National Vulnerability Database - Fri, 09/14/2018 - 17:29
oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol.

CVE-2018-16286

National Vulnerability Database - Fri, 09/14/2018 - 17:29
LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits.

CVE-2018-11058

National Vulnerability Database - Fri, 09/14/2018 - 16:29
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x), contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such an issue.

CVE-2018-11087

National Vulnerability Database - Fri, 09/14/2018 - 16:29
Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.

CVE-2018-17057

National Vulnerability Database - Fri, 09/14/2018 - 16:29
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
